bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426

Analysis

max time kernel
118s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 04:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe
Size

468KB
MD5

2246901b182c449ba3dd8981718e26a0
SHA1

a2fe8575b0205cd8dd4fd61fa22f0d26dc9d07ea
SHA256

bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426
SHA512

53f11bb88ec22dd43b2e7899bebb81e019cc050b2e08dfee897fc4891361ba81f98572beabbb3cd9521a173c4d89a56a35f62c86cc45122758a867db5ac9c84a
SSDEEP

3072:193HogIKIE5TtbYtHz2Ocf8/zCha40pkJVHeTVPyQ65+LC3uEfls:193oDMTtqHqOcfhY10Q6Am3uE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2852	Unicorn-23175.exe
1040	Unicorn-54493.exe
2116	Unicorn-35696.exe
2724	Unicorn-44680.exe
2616	Unicorn-8478.exe
2280	Unicorn-60632.exe
2564	Unicorn-54502.exe
2656	Unicorn-40311.exe
1156	Unicorn-36397.exe
1272	Unicorn-56455.exe
1200	Unicorn-22942.exe
2904	Unicorn-23207.exe
2224	Unicorn-3341.exe
2744	Unicorn-17076.exe
1932	Unicorn-52122.exe
2136	Unicorn-48785.exe
2232	Unicorn-35594.exe
2000	Unicorn-8396.exe
2528	Unicorn-4099.exe
704	Unicorn-18026.exe
2408	Unicorn-56445.exe
1788	Unicorn-10124.exe
1360	Unicorn-55796.exe
1728	Unicorn-58557.exe
608	Unicorn-58484.exe
1528	Unicorn-58749.exe
3024	Unicorn-3610.exe
900	Unicorn-27753.exe
888	Unicorn-16054.exe
1800	Unicorn-16054.exe
2456	Unicorn-45476.exe
1876	Unicorn-31740.exe
1596	Unicorn-27403.exe
2996	Unicorn-43931.exe
2316	Unicorn-24065.exe
1032	Unicorn-56930.exe
2748	Unicorn-59883.exe
2696	Unicorn-4168.exe
2592	Unicorn-59499.exe
2556	Unicorn-26562.exe
2052	Unicorn-45659.exe
2628	Unicorn-58850.exe
348	Unicorn-28939.exe
1484	Unicorn-6965.exe
860	Unicorn-12711.exe
2908	Unicorn-12903.exe
2060	Unicorn-52504.exe
2796	Unicorn-16110.exe
1576	Unicorn-27045.exe
592	Unicorn-51928.exe
2740	Unicorn-51663.exe
2124	Unicorn-42606.exe
2380	Unicorn-2535.exe
1968	Unicorn-65036.exe
1984	Unicorn-32363.exe
1872	Unicorn-8342.exe
1704	Unicorn-24295.exe
596	Unicorn-53630.exe
1548	Unicorn-5690.exe
1720	Unicorn-24596.exe
3028	Unicorn-27284.exe
3004	Unicorn-27284.exe
1672	Unicorn-7418.exe
468	Unicorn-10371.exe

Loads dropped DLL 64 IoCs

pid	Process
2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe
2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe
2852	Unicorn-23175.exe
2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe
2852	Unicorn-23175.exe
2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe
1040	Unicorn-54493.exe
2852	Unicorn-23175.exe
2852	Unicorn-23175.exe
1040	Unicorn-54493.exe
2116	Unicorn-35696.exe
2116	Unicorn-35696.exe
2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe
2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe
2724	Unicorn-44680.exe
2724	Unicorn-44680.exe
1040	Unicorn-54493.exe
1040	Unicorn-54493.exe
2564	Unicorn-54502.exe
2564	Unicorn-54502.exe
1496	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe
2852	Unicorn-23175.exe
2616	Unicorn-8478.exe
2116	Unicorn-35696.exe
2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe
2616	Unicorn-8478.exe
2116	Unicorn-35696.exe
2852	Unicorn-23175.exe
1496	WerFault.exe
2656	Unicorn-40311.exe
2656	Unicorn-40311.exe
2724	Unicorn-44680.exe
2724	Unicorn-44680.exe
1156	Unicorn-36397.exe
1156	Unicorn-36397.exe
1272	Unicorn-56455.exe
1272	Unicorn-56455.exe
2564	Unicorn-54502.exe
2564	Unicorn-54502.exe
1040	Unicorn-54493.exe
1040	Unicorn-54493.exe
2904	Unicorn-23207.exe
2904	Unicorn-23207.exe
2616	Unicorn-8478.exe
2744	Unicorn-17076.exe
2744	Unicorn-17076.exe
2616	Unicorn-8478.exe
2224	Unicorn-3341.exe
2224	Unicorn-3341.exe
2852	Unicorn-23175.exe
1200	Unicorn-22942.exe
1200	Unicorn-22942.exe
2852	Unicorn-23175.exe
2116	Unicorn-35696.exe
2116	Unicorn-35696.exe
2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe
2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe
1932	Unicorn-52122.exe
2136	Unicorn-48785.exe
1932	Unicorn-52122.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1496	2280	WerFault.exe	36
2540	1788	WerFault.exe	53
3016	1272	WerFault.exe	41
1404	1968	WerFault.exe	86
2344	1484	WerFault.exe	75
2676	608	WerFault.exe	56
2672	2380	WerFault.exe	85
2572	1576	WerFault.exe	79
108	2592	WerFault.exe	70
2416	348	WerFault.exe	74
2976	704	WerFault.exe	51
792	1360	WerFault.exe	54
1348	2748	WerFault.exe	68
3052	2232	WerFault.exe	48
2832	468	WerFault.exe	98
1036	3004	WerFault.exe	93
2068	2316	WerFault.exe	65
2096	2740	WerFault.exe	82
1716	2732	WerFault.exe	103
3692	2820	WerFault.exe	129
3164	1744	WerFault.exe	121
3456	2600	WerFault.exe	133
3964	860	WerFault.exe	76
3260	548	WerFault.exe	143
3472	2112	WerFault.exe	140
3884	1300	WerFault.exe	146
3844	828	WerFault.exe	110
3252	2756	WerFault.exe	109
3332	1672	WerFault.exe	95
3432	1940	WerFault.exe	151
3440	2804	WerFault.exe	150
3516	1868	WerFault.exe	152
3824	2080	WerFault.exe	173
3956	1920	WerFault.exe	111
2432	2164	WerFault.exe	108
3728	1984	WerFault.exe	87
3372	1032	WerFault.exe	67
4064	1556	WerFault.exe	106
4108	2664	WerFault.exe	147
4140	2668	WerFault.exe	158
4148	2108	WerFault.exe	160
4156	872	WerFault.exe	156
4176	1356	WerFault.exe	169
4240	1324	WerFault.exe	157
4896	2588	WerFault.exe	148
4880	2188	WerFault.exe	114
4888	2884	WerFault.exe	105
4872	1128	WerFault.exe	97
4928	2136	WerFault.exe	47
4232	2332	WerFault.exe	170
4356	1828	WerFault.exe	124
4368	668	WerFault.exe	141
4440	1728	WerFault.exe	55
4488	2992	WerFault.exe	115
4732	1796	WerFault.exe	118
4544	2324	WerFault.exe	144
4952	912	WerFault.exe	119
5248	1824	WerFault.exe	145
5264	2696	WerFault.exe	69
5272	2060	WerFault.exe	78
5296	1780	WerFault.exe	163
5908	1872	WerFault.exe	88
5940	1856	WerFault.exe	154
5972	2000	WerFault.exe	49

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4099.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46142.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35629.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9351.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52789.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65259.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe
2852	Unicorn-23175.exe
1040	Unicorn-54493.exe
2116	Unicorn-35696.exe
2724	Unicorn-44680.exe
2616	Unicorn-8478.exe
2564	Unicorn-54502.exe
2280	Unicorn-60632.exe
2656	Unicorn-40311.exe
1156	Unicorn-36397.exe
1272	Unicorn-56455.exe
1200	Unicorn-22942.exe
2904	Unicorn-23207.exe
2224	Unicorn-3341.exe
2744	Unicorn-17076.exe
1932	Unicorn-52122.exe
2136	Unicorn-48785.exe
2232	Unicorn-35594.exe
2000	Unicorn-8396.exe
2528	Unicorn-4099.exe
704	Unicorn-18026.exe
2408	Unicorn-56445.exe
1360	Unicorn-55796.exe
608	Unicorn-58484.exe
1728	Unicorn-58557.exe
1528	Unicorn-58749.exe
3024	Unicorn-3610.exe
1788	Unicorn-10124.exe
900	Unicorn-27753.exe
888	Unicorn-16054.exe
1800	Unicorn-16054.exe
1876	Unicorn-31740.exe
1596	Unicorn-27403.exe
2996	Unicorn-43931.exe
2456	Unicorn-45476.exe
2316	Unicorn-24065.exe
1032	Unicorn-56930.exe
2748	Unicorn-59883.exe
2592	Unicorn-59499.exe
2696	Unicorn-4168.exe
2556	Unicorn-26562.exe
2052	Unicorn-45659.exe
348	Unicorn-28939.exe
2628	Unicorn-58850.exe
1484	Unicorn-6965.exe
860	Unicorn-12711.exe
2908	Unicorn-12903.exe
2060	Unicorn-52504.exe
2796	Unicorn-16110.exe
1576	Unicorn-27045.exe
592	Unicorn-51928.exe
2740	Unicorn-51663.exe
2380	Unicorn-2535.exe
2124	Unicorn-42606.exe
1968	Unicorn-65036.exe
1984	Unicorn-32363.exe
1704	Unicorn-24295.exe
1872	Unicorn-8342.exe
596	Unicorn-53630.exe
1548	Unicorn-5690.exe
1720	Unicorn-24596.exe
1672	Unicorn-7418.exe
3004	Unicorn-27284.exe
3028	Unicorn-27284.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2852	2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe	31
PID 2148 wrote to memory of 2852	2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe	31
PID 2148 wrote to memory of 2852	2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe	31
PID 2148 wrote to memory of 2852	2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe	31
PID 2852 wrote to memory of 1040	2852	Unicorn-23175.exe	32
PID 2852 wrote to memory of 1040	2852	Unicorn-23175.exe	32
PID 2852 wrote to memory of 1040	2852	Unicorn-23175.exe	32
PID 2852 wrote to memory of 1040	2852	Unicorn-23175.exe	32
PID 2148 wrote to memory of 2116	2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe	33
PID 2148 wrote to memory of 2116	2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe	33
PID 2148 wrote to memory of 2116	2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe	33
PID 2148 wrote to memory of 2116	2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe	33
PID 1040 wrote to memory of 2724	1040	Unicorn-54493.exe	34
PID 1040 wrote to memory of 2724	1040	Unicorn-54493.exe	34
PID 1040 wrote to memory of 2724	1040	Unicorn-54493.exe	34
PID 1040 wrote to memory of 2724	1040	Unicorn-54493.exe	34
PID 2852 wrote to memory of 2616	2852	Unicorn-23175.exe	35
PID 2852 wrote to memory of 2616	2852	Unicorn-23175.exe	35
PID 2852 wrote to memory of 2616	2852	Unicorn-23175.exe	35
PID 2852 wrote to memory of 2616	2852	Unicorn-23175.exe	35
PID 2116 wrote to memory of 2280	2116	Unicorn-35696.exe	36
PID 2116 wrote to memory of 2280	2116	Unicorn-35696.exe	36
PID 2116 wrote to memory of 2280	2116	Unicorn-35696.exe	36
PID 2116 wrote to memory of 2280	2116	Unicorn-35696.exe	36
PID 2148 wrote to memory of 2564	2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe	37
PID 2148 wrote to memory of 2564	2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe	37
PID 2148 wrote to memory of 2564	2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe	37
PID 2148 wrote to memory of 2564	2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe	37
PID 2724 wrote to memory of 2656	2724	Unicorn-44680.exe	38
PID 2724 wrote to memory of 2656	2724	Unicorn-44680.exe	38
PID 2724 wrote to memory of 2656	2724	Unicorn-44680.exe	38
PID 2724 wrote to memory of 2656	2724	Unicorn-44680.exe	38
PID 1040 wrote to memory of 1156	1040	Unicorn-54493.exe	39
PID 1040 wrote to memory of 1156	1040	Unicorn-54493.exe	39
PID 1040 wrote to memory of 1156	1040	Unicorn-54493.exe	39
PID 1040 wrote to memory of 1156	1040	Unicorn-54493.exe	39
PID 2564 wrote to memory of 1272	2564	Unicorn-54502.exe	41
PID 2564 wrote to memory of 1272	2564	Unicorn-54502.exe	41
PID 2564 wrote to memory of 1272	2564	Unicorn-54502.exe	41
PID 2564 wrote to memory of 1272	2564	Unicorn-54502.exe	41
PID 2280 wrote to memory of 1496	2280	Unicorn-60632.exe	40
PID 2280 wrote to memory of 1496	2280	Unicorn-60632.exe	40
PID 2280 wrote to memory of 1496	2280	Unicorn-60632.exe	40
PID 2280 wrote to memory of 1496	2280	Unicorn-60632.exe	40
PID 2148 wrote to memory of 1200	2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe	42
PID 2148 wrote to memory of 1200	2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe	42
PID 2148 wrote to memory of 1200	2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe	42
PID 2148 wrote to memory of 1200	2148	bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe	42
PID 2616 wrote to memory of 2904	2616	Unicorn-8478.exe	44
PID 2616 wrote to memory of 2904	2616	Unicorn-8478.exe	44
PID 2616 wrote to memory of 2904	2616	Unicorn-8478.exe	44
PID 2616 wrote to memory of 2904	2616	Unicorn-8478.exe	44
PID 2116 wrote to memory of 2224	2116	Unicorn-35696.exe	45
PID 2116 wrote to memory of 2224	2116	Unicorn-35696.exe	45
PID 2116 wrote to memory of 2224	2116	Unicorn-35696.exe	45
PID 2116 wrote to memory of 2224	2116	Unicorn-35696.exe	45
PID 2852 wrote to memory of 2744	2852	Unicorn-23175.exe	43
PID 2852 wrote to memory of 2744	2852	Unicorn-23175.exe	43
PID 2852 wrote to memory of 2744	2852	Unicorn-23175.exe	43
PID 2852 wrote to memory of 2744	2852	Unicorn-23175.exe	43
PID 2656 wrote to memory of 1932	2656	Unicorn-40311.exe	46
PID 2656 wrote to memory of 1932	2656	Unicorn-40311.exe	46
PID 2656 wrote to memory of 1932	2656	Unicorn-40311.exe	46
PID 2656 wrote to memory of 1932	2656	Unicorn-40311.exe	46

C:\Users\Admin\AppData\Local\Temp\bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe
"C:\Users\Admin\AppData\Local\Temp\bec3d8e7425ceb6b2f8852a7472b6ec9b29f748d27c1d434ccbbfb51e5570426N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23175.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23175.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40311.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24295.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50590.exe
        9⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
        10⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        10⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63966.exe
        10⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 248
        10⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1564.exe
        9⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 224
        9⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
        8⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
        9⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        9⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 240
        9⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46659.exe
        8⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 248
        8⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
        8⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
        9⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 236
        9⤵
        Program crash
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20816.exe
        8⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36450.exe
        8⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14368.exe
        8⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14212.exe
        8⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        8⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28881.exe
        8⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50163.exe
        7⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 244
        8⤵
        Program crash
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39348.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33649.exe
        7⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54705.exe
        7⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45111.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        7⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        7⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31740.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10371.exe
        7⤵
        Executes dropped EXE
        
        PID:468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 244
        8⤵
        Program crash
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        7⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        8⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16576.exe
        8⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11345.exe
        8⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
        8⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        7⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1111.exe
        7⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        7⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62446.exe
        7⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29277.exe
        7⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53935.exe
        6⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exe
        9⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38150.exe
        9⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33477.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12122.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 224
        8⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30862.exe
        7⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 228
        8⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46828.exe
        7⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3441.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 228
        7⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
        6⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
        7⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        7⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 244
        7⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
        6⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17114.exe
        6⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6233.exe
        6⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23580.exe
        6⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3018.exe
        6⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39079.exe
        6⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8342.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40450.exe
        8⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 244
        9⤵
        Program crash
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19747.exe
        8⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 220
        8⤵
        Program crash
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
        7⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 244
        8⤵
        Program crash
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33482.exe
        7⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42315.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5703.exe
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        7⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        7⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53630.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3991.exe
        8⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35556.exe
        8⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65009.exe
        8⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 216
        8⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42897.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 240
        7⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
        6⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
        7⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        7⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9145.exe
        7⤵
        
        PID:8720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 228
        6⤵
        Program crash
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45476.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        6⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43257.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-704.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2498.exe
        9⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36211.exe
        8⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47382.exe
        8⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56162.exe
        8⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
        8⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13182.exe
        8⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17837.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1849.exe
        8⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52863.exe
        7⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
        7⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-537.exe
        7⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30248.exe
        7⤵
        
        PID:9244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
        6⤵
        
        PID:548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 244
        7⤵
        Program crash
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54048.exe
        6⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1913.exe
        7⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35611.exe
        7⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5734.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44582.exe
        6⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
        6⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17602.exe
        6⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8717.exe
        6⤵
        
        PID:9256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48373.exe
        5⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42531.exe
        6⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8422.exe
        7⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 248
        7⤵
        
        PID:5804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 228
        6⤵
        Program crash
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
        6⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
        6⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39343.exe
        6⤵
        
        PID:10060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27323.exe
        5⤵
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63936.exe
        5⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31530.exe
        5⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe
        5⤵
        
        PID:9352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24596.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 244
        9⤵
        Program crash
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35629.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        9⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17731.exe
        8⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46968.exe
        8⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 244
        8⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1999.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15077.exe
        9⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
        9⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 248
        8⤵
        Program crash
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25495.exe
        8⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
        8⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        8⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
        8⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
        7⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63406.exe
        7⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 244
        7⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7418.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10403.exe
        7⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 224
        8⤵
        Program crash
        
        PID:3824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 216
        7⤵
        Program crash
        
        PID:3332
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
        6⤵
        Program crash
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 244
        7⤵
        Program crash
        
        PID:1036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 228
        6⤵
        Program crash
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4241.exe
        5⤵
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
        6⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4718.exe
        7⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe
        7⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        7⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-868.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9488
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 248
        6⤵
        Program crash
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18070.exe
        5⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33011.exe
        6⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48733.exe
        6⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30136.exe
        6⤵
        
        PID:7428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 228
        6⤵
        
        PID:8716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43859.exe
        5⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46870.exe
        5⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30920.exe
        5⤵
        
        PID:6284
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 228
        5⤵
        
        PID:7564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18026.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 224
        6⤵
        Program crash
        
        PID:108
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 236
        5⤵
        Program crash
        
        PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48960.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2373.exe
        6⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35625.exe
        7⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
        7⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 224
        7⤵
        
        PID:9040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
        6⤵
        Program crash
        
        PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64573.exe
        5⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        6⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18973.exe
        6⤵
        
        PID:8552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
        6⤵
        
        PID:9868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35458.exe
        5⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
        5⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exe
        5⤵
        
        PID:6256
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 248
        5⤵
        
        PID:8368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
      4⤵
      PID:1744
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 220
        5⤵
        Program crash
        
        PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61469.exe
      4⤵
      PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6671.exe
        5⤵
        
        PID:7324
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 248
        5⤵
        
        PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6291.exe
      4⤵
      PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1630.exe
      4⤵
      PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40722.exe
      4⤵
      PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50416.exe
      4⤵
      PID:8288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62212.exe
      4⤵
      PID:9872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45659.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
        7⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34309.exe
        8⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64398.exe
        9⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 228
        9⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44442.exe
        8⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63204.exe
        8⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        8⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
        8⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
        8⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        7⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57600.exe
        8⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 228
        8⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27502.exe
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63776.exe
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2564.exe
        7⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56017.exe
        7⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
        7⤵
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50532.exe
        6⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46011.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5602.exe
        8⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 228
        8⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
        7⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11229.exe
        7⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 224
        7⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44598.exe
        6⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46910.exe
        7⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 228
        7⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
        6⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24550.exe
        6⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        6⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7545.exe
        6⤵
        
        PID:8208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 248
        6⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58850.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7906.exe
        6⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        7⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26204.exe
        8⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        8⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
        8⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        8⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28746.exe
        8⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
        7⤵
        Program crash
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-413.exe
        6⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3437.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
        7⤵
        Program crash
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29917.exe
        6⤵
        
        PID:4048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 248
        6⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
        5⤵
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36615.exe
        6⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52471.exe
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
        7⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
        7⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56671.exe
        7⤵
        
        PID:9428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
        6⤵
        Program crash
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
        5⤵
        
        PID:1356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 224
        6⤵
        Program crash
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        5⤵
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64863.exe
        5⤵
        
        PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57980.exe
        5⤵
        
        PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2411.exe
        5⤵
        
        PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55796.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 244
        6⤵
        Program crash
        
        PID:2416
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 236
        5⤵
        Program crash
        
        PID:792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6965.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 224
        5⤵
        Program crash
        
        PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21061.exe
      4⤵
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1719.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57282.exe
        6⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
        6⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        5⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
        5⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13834.exe
        5⤵
        
        PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
        5⤵
        
        PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30011.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
      4⤵
      PID:3092
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 224
        5⤵
        
        PID:7400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38841.exe
      4⤵
      PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60934.exe
      4⤵
      PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16265.exe
      4⤵
      PID:7436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8542.exe
      4⤵
      PID:10016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10124.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1788
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        5⤵
        Program crash
        
        PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32363.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14813.exe
        5⤵
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10595.exe
        6⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
        7⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41690.exe
        7⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 216
        7⤵
        
        PID:7572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
        6⤵
        Program crash
        
        PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10631.exe
        5⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
        6⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
        6⤵
        
        PID:6860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 224
        6⤵
        
        PID:8164
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 244
        5⤵
        Program crash
        
        PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57137.exe
      4⤵
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54565.exe
        5⤵
        
        PID:1868
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 220
        6⤵
        Program crash
        
        PID:3516
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 228
        5⤵
        Program crash
        
        PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exe
      4⤵
      PID:872
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 224
        5⤵
        Program crash
        
        PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3740
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 248
      4⤵
      PID:5956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37149.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21206.exe
        6⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7802.exe
        7⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        7⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32517.exe
        7⤵
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61816.exe
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10186.exe
        6⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
        6⤵
        
        PID:8240
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 248
        6⤵
        
        PID:9788
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 236
        5⤵
        Program crash
        
        PID:3964
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 236
      4⤵
      Program crash
      PID:2676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27045.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1576
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 244
      4⤵
      Program crash
      PID:2572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
    3⤵
    PID:2820
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 224
      4⤵
      Program crash
      PID:3692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17771.exe
    3⤵
    PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50139.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21377.exe
      4⤵
      PID:7616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33520.exe
      4⤵
      PID:8972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55103.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:10176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44412.exe
    3⤵
    PID:4500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20381.exe
    3⤵
    PID:5280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10091.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10091.exe
    3⤵
    PID:6696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe
    3⤵
    PID:7896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54136.exe
    3⤵
    PID:9448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2280
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:1496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe
        6⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 224
        7⤵
        Program crash
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15533.exe
        6⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20329.exe
        7⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
        7⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        6⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53247.exe
        6⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47497.exe
        6⤵
        
        PID:7780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
        6⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exe
        5⤵
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58652.exe
        6⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
        7⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45089.exe
        7⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11007.exe
        7⤵
        
        PID:9696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 248
        6⤵
        Program crash
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55127.exe
        5⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28023.exe
        6⤵
        
        PID:6980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 228
        6⤵
        
        PID:8396
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 248
        5⤵
        Program crash
        
        PID:4440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16110.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
        5⤵
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-216.exe
        6⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26738.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6166.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
        8⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 228
        7⤵
        Program crash
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41272.exe
        6⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
        7⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19742.exe
        7⤵
        
        PID:10024
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
        6⤵
        Program crash
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
        5⤵
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        6⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44195.exe
        7⤵
        
        PID:9280
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 248
        6⤵
        Program crash
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33409.exe
        5⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
        6⤵
        
        PID:9556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe
        5⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38110.exe
        5⤵
        
        PID:6644
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 248
        5⤵
        
        PID:8148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11693.exe
      4⤵
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64651.exe
        5⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
        6⤵
        
        PID:7728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 228
        6⤵
        
        PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4792
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        5⤵
        
        PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
      4⤵
      PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47870.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 228
        5⤵
        
        PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
      4⤵
      PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
      4⤵
      PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3094.exe
      4⤵
      PID:6940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
      4⤵
      PID:8360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20211.exe
      4⤵
      PID:9808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
        5⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
        6⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        7⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
        8⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44176.exe
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        8⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 228
        8⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        7⤵
        Program crash
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40506.exe
        6⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55876.exe
        7⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16126.exe
        8⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3996.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
        7⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4294.exe
        7⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        7⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52054.exe
        7⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42668.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
        6⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38110.exe
        6⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe
        6⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47588.exe
        6⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
        5⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        6⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8503.exe
        6⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        6⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        6⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11815.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44204.exe
        5⤵
        
        PID:3284
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
        5⤵
        Program crash
        
        PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59141.exe
      4⤵
      PID:2732
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 244
        5⤵
        Program crash
        
        PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60604.exe
      4⤵
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42540.exe
        5⤵
        
        PID:4132
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 248
        5⤵
        
        PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42275.exe
      4⤵
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25886.exe
      4⤵
      PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
      4⤵
      PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
      4⤵
      PID:7636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
      4⤵
      PID:8988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51663.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
      4⤵
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
        5⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
        6⤵
        
        PID:5828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 228
        6⤵
        
        PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60783.exe
        5⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31795.exe
        5⤵
        
        PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13444.exe
        5⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
        5⤵
        
        PID:8796
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 228
      4⤵
      Program crash
      PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39729.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39729.exe
    3⤵
    PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50624.exe
      4⤵
      PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15032.exe
        5⤵
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8157.exe
        5⤵
        
        PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
        5⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55212.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
      4⤵
      PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe
      4⤵
      PID:7160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57866.exe
      4⤵
      PID:7272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40135.exe
      4⤵
      PID:9360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44483.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25677.exe
      4⤵
      PID:6160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49432.exe
      4⤵
      PID:7840
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 224
      4⤵
      PID:8204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42405.exe
    3⤵
    PID:6100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
    3⤵
    PID:7140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
    3⤵
    PID:1008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe
    3⤵
    PID:9436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54502.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54502.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56455.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8396.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        6⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60372.exe
        7⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56109.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        9⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3460.exe
        9⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53753.exe
        9⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3052.exe
        9⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
        8⤵
        Program crash
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20530.exe
        7⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        8⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23521.exe
        8⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 224
        8⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
        7⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41330.exe
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        7⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56075.exe
        6⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48625.exe
        7⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11695.exe
        7⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
        7⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15680.exe
        7⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 244
        7⤵
        
        PID:9800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        6⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34552.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
        6⤵
        
        PID:6720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        6⤵
        
        PID:7540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
        6⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52062.exe
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29569.exe
        7⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41103.exe
        7⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 248
        7⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8377.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26392.exe
        6⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46392.exe
        6⤵
        
        PID:6760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 244
        6⤵
        
        PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17682.exe
        5⤵
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39613.exe
        6⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        6⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41368.exe
        6⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55934.exe
        6⤵
        
        PID:7432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 220
        6⤵
        
        PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
        5⤵
        
        PID:3584
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 244
        5⤵
        Program crash
        
        PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
        6⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65259.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        7⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25929.exe
        7⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        7⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 224
        7⤵
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        6⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7461.exe
        6⤵
        
        PID:6676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
        6⤵
        
        PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
        5⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14914.exe
        6⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
        6⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
        6⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17792.exe
        6⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46547.exe
        6⤵
        
        PID:9764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 244
        5⤵
        Program crash
        
        PID:3372
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
      4⤵
      Program crash
      PID:3016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
        5⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        6⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51614.exe
        7⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 216
        7⤵
        
        PID:5704
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
        6⤵
        Program crash
        
        PID:4064
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
        5⤵
        Program crash
        
        PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
      4⤵
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7614.exe
        5⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30908.exe
        6⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        6⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14634.exe
        6⤵
        
        PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38479.exe
        5⤵
        
        PID:6396
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 244
        5⤵
        
        PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
      4⤵
      PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5941.exe
        5⤵
        
        PID:6748
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
        5⤵
        
        PID:7344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8541.exe
      4⤵
      PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46717.exe
      4⤵
      PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
      4⤵
      PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58396.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35670.exe
      4⤵
      PID:9392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14834.exe
      4⤵
      PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        5⤵
        
        PID:2804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 220
        6⤵
        Program crash
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42009.exe
        5⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43305.exe
        5⤵
        
        PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        5⤵
        
        PID:6632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61166.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28552.exe
        5⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3582.exe
        5⤵
        
        PID:10000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
      4⤵
      PID:1940
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 220
        5⤵
        Program crash
        
        PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
      4⤵
      PID:3636
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
      4⤵
      Program crash
      PID:5264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
    3⤵
    PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
      4⤵
      PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        5⤵
        
        PID:6176
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 228
        5⤵
        
        PID:7928
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 228
      4⤵
      Program crash
      PID:4356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
    3⤵
    PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12628.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5480.exe
      4⤵
      PID:9176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
      4⤵
      PID:10208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
    3⤵
    PID:4388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47247.exe
    3⤵
    PID:5292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63800.exe
    3⤵
    PID:6912
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 244
    3⤵
    PID:7592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58749.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2535.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2380
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 244
        5⤵
        Program crash
        
        PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4642.exe
      4⤵
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51190.exe
        5⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
        6⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5842.exe
        6⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
        6⤵
        
        PID:7612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 228
        6⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13191.exe
        5⤵
        
        PID:4964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 224
        5⤵
        
        PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61126.exe
      4⤵
      PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3760.exe
        5⤵
        
        PID:7888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 228
        5⤵
        
        PID:9080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
      4⤵
      PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25043.exe
      4⤵
      PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exe
      4⤵
      PID:7356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
      4⤵
      PID:8544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25546.exe
      4⤵
      PID:9772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65036.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1968
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 244
      4⤵
      Program crash
      PID:1404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
    3⤵
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
      4⤵
      PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39429.exe
        5⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46931.exe
        5⤵
        
        PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59471.exe
        5⤵
        
        PID:9472
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 248
      4⤵
      Program crash
      PID:4488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58387.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47275.exe
      4⤵
      PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16401.exe
      4⤵
      PID:7460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3280.exe
      4⤵
      PID:8708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65413.exe
    3⤵
    PID:4452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30181.exe
    3⤵
    PID:5904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32757.exe
    3⤵
    PID:6584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
    3⤵
    PID:7308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30335.exe
    3⤵
    PID:9408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27753.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27753.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51928.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
      4⤵
      PID:2600
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
        5⤵
        Program crash
        
        PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47391.exe
      4⤵
      PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2115.exe
        5⤵
        
        PID:7980
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 248
        5⤵
        
        PID:8284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48748.exe
      4⤵
      PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49936.exe
      4⤵
      PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
      4⤵
      PID:7288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41408.exe
      4⤵
      PID:8488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
      4⤵
      PID:9840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1461.exe
    3⤵
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61449.exe
      4⤵
      PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
        5⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61617.exe
        5⤵
        
        PID:8304
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 224
        5⤵
        
        PID:9856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
      4⤵
      PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
      4⤵
      PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
      4⤵
      PID:6244
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 244
      4⤵
      PID:7376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
    3⤵
    PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47897.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
      4⤵
      PID:6808
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 224
      4⤵
      PID:8388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41323.exe
    3⤵
    PID:4760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22630.exe
    3⤵
    PID:5876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50523.exe
    3⤵
    PID:880
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 244
    3⤵
    PID:8380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42606.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42606.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14559.exe
    3⤵
    PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35933.exe
      4⤵
      PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28676.exe
        5⤵
        
        PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19701.exe
        5⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
        5⤵
        
        PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
        5⤵
        
        PID:9716
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 248
      4⤵
      Program crash
      PID:4880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50468.exe
    3⤵
    PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
      4⤵
      PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe
      4⤵
      PID:6884
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 220
      4⤵
      PID:7624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53299.exe
    3⤵
    PID:5024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6534.exe
    3⤵
    PID:5340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
    3⤵
    PID:6164
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 248
    3⤵
    PID:7364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40560.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40560.exe
  2⤵
  PID:1136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51081.exe
    3⤵
    PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12371.exe
      4⤵
      PID:7220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64497.exe
      4⤵
      PID:8444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
      4⤵
      PID:9752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21722.exe
    3⤵
    PID:4740
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 224
    3⤵
    PID:5512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
  2⤵
  PID:3344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4749.exe
    3⤵
    PID:5568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
    3⤵
    PID:6964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65253.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65253.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
    3⤵
    PID:8780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
  2⤵
  PID:4712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
  2⤵
  PID:2476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
  2⤵
  PID:8272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59412.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59412.exe
  2⤵
  PID:9884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11693.exe

Filesize
468KB

MD5
c7022d4b284c8bba09b6e77284bd97eb

SHA1
d0887fa1d79c2beed7297aa585081d9d527110ee

SHA256
da86eebcbea9f24ba1dfd4e044902f49503d44b09ce6799dec4281aa16037ff6

SHA512
3d58420ce20fd5c87b6ef3f25f7bc8f11c7db6733bfb3affc27f40f3c60a1f84e369e6c602d5e3a16222494afa7e99a27681ef0c873a596804e4b4329848210b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe

Filesize
468KB

MD5
3254c93defbfd4f4a95b982edcd160a7

SHA1
ea53a58a4d604542992a6f30d1107c98e67f441e

SHA256
59dfc75b5d4cf75509c915c75e56e932dd38c4c68ea269ec4f5daeaf01fdcb95

SHA512
529cfccd982c00b519efb458860bd67c20e724c9ef635be648288a7b13cd8973a46bf6c3b25e08530cb1fe9ee1f9ec7bc10873a1409976d02cea959eaf3c4c9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe

Filesize
468KB

MD5
6db5f38fa2e890951191a923463452a5

SHA1
59c5464afb02c9120242adbe0255f05f7271f0e8

SHA256
fef6a0c93ee67f67df24fa54a06a8fd66ba86e61182d4cd4b4ab3a708071382f

SHA512
4c4d8d1487ce778387dbeec78c6c67e4e6cbfebf98187de735ce895ecadf1ee0f21add880dfbd2055a46236db659c41147ebb2602c2c2499938a76df49512e12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40311.exe

Filesize
468KB

MD5
28e3a1f28ebbfcfe102ae0feab74c6c5

SHA1
a37034c05fc73db5cea8f0c6744583b372d0bda1

SHA256
8e9d3c639282c00a66f39d057b6abae674a3f4f9f7ecf676d4c50f55d88f635e

SHA512
80a11ff8b6958747f8a060b95d73cd9babe84527885e3ad4e8c0e1d108491f00ff22ad8219c9e3cd3185548184f21ddecb2df81f378fec098c636a8e8507bf47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52863.exe

Filesize
468KB

MD5
753060ad4db49a5b97ebf5f93bc5a6d2

SHA1
bec6e93701a73fbc409b514126b39c3c4654b5d7

SHA256
2ee0ab3dcb59c0401435223a1d963001011b93a9ce3590d32c82cd76607a07fe

SHA512
e0e54e609e1a620787a7f4088e751132588227fc2ea13c183a3b1d976ee0738d5004866c0316334b878d6751a76c7aad70b2ed4a823aa646406ad184588170d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56455.exe

Filesize
468KB

MD5
9a355183c88d4cf547de349944e7edee

SHA1
dae6d1633940c4d74b41b15aa115acbd00630836

SHA256
0468ee0ac0b1b50e12f32890c54174cf84c4c2bb24d7abb88a660ff245052168

SHA512
2ae2b8d81f75f86de8a6ad797410db4d3ddd9a521729fb5f12694c06bd8cd869749dcca86e4b161b0e9247e1c34d82a4c7f5e159f42d98e7063666964d876f8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe

Filesize
468KB

MD5
b6afa4e1378c0bb77a15a4979d896046

SHA1
dbfd49c139dd2e269f75062a6cf01256474be14f

SHA256
0e323524137854f74b1f1ba01ed2d762ba0ba57d62570ed9f535470155987d34

SHA512
6f9b2784688e43179628df45397cc00689548246be1f635c172c4036af5d1281c51f6222a028e3e79a4e12f0c9246be4b952f93229e37f2aa751b65880c0c932

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65413.exe

Filesize
468KB

MD5
6c95756c2833a83108989c0bc2be17be

SHA1
3c9070ab569b9f112da789f54ceb6379ed172544

SHA256
f6f95746fb4a402060eddcbd8563d49b9504a3673e848972861c94bd29a8cc12

SHA512
3259958e32657c88370a5e06da0eb3b6e11eabb1dc18c8ffcd3c80e1e4646b9671e90969281f39d6b66c88e8312f1a34d5195713974ea1c07fccee05c821f45e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe

Filesize
468KB

MD5
c4bf9e7d0cc0c25cf79b3eb3db20d71d

SHA1
0caaa3632f2e2cec72ead840f86d5d107a8ac1ef

SHA256
95e32dd6d53017e93a82eec27d043f4bcd0295fc6a61232fc5f19d2a53b829d1

SHA512
8aa4549fc8eac6967a1d033973c17ad12aad037b596f0a3b4a9c01c89531b86ef222c3ee0e84971c16ec8b329abc749a67ce55af16e2f469df57750ce7c47c72

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe

Filesize
468KB

MD5
824c97611cef3ea71f399e73b01ff76b

SHA1
78c8ab4142be46d1f4a22b9fb4f75eadcf358b59

SHA256
7525fa105c5475496daa4cca0784cb6a857e32c4e597196fd383710f8f6f1365

SHA512
f0743bb2dc7cdbd844431f1eeee82c17aff238ec44bd8de474fc60c548c9283c4b446895b1dfd31c264a87b5acaf8d8cd30d884c9827129e84882de8df463108

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe

Filesize
468KB

MD5
1a33ba9a3d18256dd400d90da7f72c5d

SHA1
402517f78b85a48befc433d0679a9b415a95c73c

SHA256
a3bcd18dce512493b8b96fea56aad6e5dcc1c3d83eb94c3d14826934b7571cc2

SHA512
5677d9913fc76389521de6d9f5ce10a46ec4f74ae992cfe27de2321a2cf76e28ae4f2d01ac13a557ec67aef10ee0dfebfad761a0d5e102932db88b931a508e31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23175.exe

Filesize
468KB

MD5
69b46dc4cf067b22b5da19a554f716bc

SHA1
a5cacf909cfa56cb10f0236e8f1a5d4fce8a7d15

SHA256
0277f956377c28f581b23bdd686432a3f1a7d07fef8900b0613f1dea70cbf8fc

SHA512
098a579c60566b11edc5fdd66cf681d64b7414c510a73faaef611a21a5da107840b3e6a60d76832f15308c9258bffca9f327e0f680b1195fa4f023fc9902093a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe

Filesize
468KB

MD5
b49285caab91589f84bdd535309027d9

SHA1
c9bd82ebbc98e4dcb15e03c6ee69fbde9e79c722

SHA256
24ae8804109d5d0c45e736376faea2748b2d30994959d57e5758bb1d3dab3cf5

SHA512
d26fb1debd6d14084181ee87380cb87820b2625d241c04567c45c40cee0d2721f73c612cbc6c349293c1d2fbe7117b40b396c92a5e3e70ea02c3d6580df3689c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe

Filesize
468KB

MD5
2b3d6b72988c5908e6db14928bdff942

SHA1
edc285d7d469df34ebbdd64c4d01b903e3e13221

SHA256
dd5b15e1e1aaec76b76fd033e98d054d4ab82edcaed65328fa7430df736539b3

SHA512
622a938f0a7fca910a0c706db646883f48846678086a6bb07ccebc83f33d6d582a270632e05e5e31be4ce665b94649c93d989a9e2824838e18ee20832fe55c96

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe

Filesize
468KB

MD5
ee5118753ec0c02809c8487f152e508f

SHA1
b92a481fd8226e7bafeafef53ee2cb37bdb4ce70

SHA256
84ff503afcc1cfc8f8a9a1728d736909521ee04a802e85fb94bf76a8614f507a

SHA512
0694328c5c5a54306ad853efc76d69e0382a7121348a1fecd70967fc88969fc002405b079b9dd3446ec59fece19a33cd2cab66953c99831f76e757dd19299387

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe

Filesize
468KB

MD5
8923363aa1150ea435e899ec5419f944

SHA1
0c853ea10df6a5f1c722c00f54f13ff498b5b6b0

SHA256
5afdb5048bb9196bb75fb45d1794d7814356237b8c3908e454855a7e14f49e62

SHA512
f5159a3af410ceb8f1ffa0a882a4f10a7753d4a93f6c536a17760810dccd99c7818758bc01d67093cb0e5fa15cc23a857ff979a148486157ee15685b56fe9692

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe

Filesize
468KB

MD5
60a0fd5021a77ef6029fb64fae435335

SHA1
c2b2328f0c9559f44b916730cd022bed19f32103

SHA256
8683344050b80a0d3d3a8ed77324287dd9e2020174c3c52c0c83734fd305b755

SHA512
6aafbf2f0818a115e9eedec6c2d382fdd399a6e5e0d9c640a32f6ca7a98c5d031a0b97b7e6dbe607ac3a27aa97966493033788493c8eb21169adca54f3d8892c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe

Filesize
468KB

MD5
22c4c3ec2a4ac80156e0c2d91c4ccf08

SHA1
121b12c093738c94a8bc89e103b4320d332d1851

SHA256
292acc0fa6dc29dd13be317051938c318f289a9bed09777e0fc92dbe3b18d8c0

SHA512
7b1bf76af5f8444a02a546e340384b4878669b21ae79216324274cec5687e8be9840b3baff914fbef459439c5d01bf46ca3e3c70f6241dfae4eef1f8305980e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe

Filesize
468KB

MD5
068150685270af608bddf82c8f2cc48a

SHA1
587a89184baedc2fb4b7092ead67382f8e748eda

SHA256
801b66a85a9c9d21e0b04b295bf0f35e7c9b67d868c54f4a8f1a6edbccdfc5a5

SHA512
275165ba191d569791b66d9a0807d0a4d54a9aad1aefa2496742d74f79027873f9c3d61820ffbd8a87afa632b943966e58c84147d63c7c131f33edd48b66a7fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54502.exe

Filesize
468KB

MD5
df149aa03c8014a08a88fa6f60260c35

SHA1
3a15d4c9eca5a73bae31e129d0ea8ac6632b4f1e

SHA256
db2777b29576eb987969a51b1bcef337570fd6cf972e2052a1b0165d0b5509d6

SHA512
0fb6654e61885c77a0b6e8f825f85c16e86998f3e580482475085e1b248455c952e98c059395b475f1ca57d367d338f59ff75da219827bf0df6781151830e089

Download Submit