4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe
Size

468KB
MD5

6488bce18a937256c8bbba0d3be1dda5
SHA1

efce24bbbac871de987297cb238e64797445c832
SHA256

4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1
SHA512

feb4672fe6694e75fa01fa6346c4de4cf832bf6508a2d300691a43a3f82e88d4f1d6542f46921758d508fea429605ed89a4c54080f2a92b4269e92aa349654d2
SSDEEP

3072:mrzIogKxjz8UFbYWPz3yqf8/Eptj7PpgPmHx+lOFEln0Ac71SDlR:mr8otAUF1PDyqf/BtPEl0J71S

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1892	Unicorn-18876.exe
1124	Unicorn-8652.exe
2696	Unicorn-50240.exe
2820	Unicorn-31294.exe
2132	Unicorn-4137.exe
2976	Unicorn-40038.exe
2112	Unicorn-33907.exe
1932	Unicorn-34392.exe
280	Unicorn-52015.exe
624	Unicorn-22680.exe
2952	Unicorn-40697.exe
608	Unicorn-21096.exe
2008	Unicorn-34831.exe
2964	Unicorn-40962.exe
604	Unicorn-10510.exe
1908	Unicorn-35107.exe
2836	Unicorn-21371.exe
2148	Unicorn-41237.exe
1736	Unicorn-53297.exe
1692	Unicorn-53297.exe
272	Unicorn-25184.exe
2844	Unicorn-57195.exe
2564	Unicorn-27231.exe
1048	Unicorn-45513.exe
2168	Unicorn-3089.exe
1816	Unicorn-25647.exe
1680	Unicorn-47962.exe
3008	Unicorn-8455.exe
2712	Unicorn-49799.exe
2728	Unicorn-45980.exe
2628	Unicorn-17200.exe
2768	Unicorn-52565.exe
2888	Unicorn-6893.exe
2772	Unicorn-5502.exe
1492	Unicorn-55994.exe
2832	Unicorn-17562.exe
2868	Unicorn-62124.exe
2872	Unicorn-37428.exe
1312	Unicorn-54532.exe
2468	Unicorn-48045.exe
1060	Unicorn-10400.exe
2292	Unicorn-41896.exe
1052	Unicorn-5694.exe
1740	Unicorn-25560.exe
2412	Unicorn-56286.exe
2060	Unicorn-65122.exe
2108	Unicorn-61693.exe
2444	Unicorn-16022.exe
1772	Unicorn-54916.exe
1812	Unicorn-5615.exe
1868	Unicorn-29457.exe
2744	Unicorn-58808.exe
2812	Unicorn-22414.exe
2280	Unicorn-59384.exe
2612	Unicorn-52400.exe
2596	Unicorn-36634.exe
1760	Unicorn-39902.exe
860	Unicorn-17475.exe
1332	Unicorn-24251.exe
1320	Unicorn-24251.exe
2232	Unicorn-28357.exe
2184	Unicorn-28357.exe
1344	Unicorn-26310.exe
1120	Unicorn-22034.exe

Loads dropped DLL 64 IoCs

pid	Process
1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe
1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe
1892	Unicorn-18876.exe
1892	Unicorn-18876.exe
1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe
1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe
1124	Unicorn-8652.exe
1124	Unicorn-8652.exe
1892	Unicorn-18876.exe
1892	Unicorn-18876.exe
2696	Unicorn-50240.exe
1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe
1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe
2696	Unicorn-50240.exe
2820	Unicorn-31294.exe
2820	Unicorn-31294.exe
1124	Unicorn-8652.exe
1124	Unicorn-8652.exe
2976	Unicorn-40038.exe
2976	Unicorn-40038.exe
1892	Unicorn-18876.exe
1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe
2696	Unicorn-50240.exe
1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe
2696	Unicorn-50240.exe
1892	Unicorn-18876.exe
2132	Unicorn-4137.exe
2132	Unicorn-4137.exe
2948	WerFault.exe
2948	WerFault.exe
2948	WerFault.exe
2948	WerFault.exe
2948	WerFault.exe
280	Unicorn-52015.exe
280	Unicorn-52015.exe
1124	Unicorn-8652.exe
1124	Unicorn-8652.exe
2820	Unicorn-31294.exe
2820	Unicorn-31294.exe
1932	Unicorn-34392.exe
1932	Unicorn-34392.exe
608	Unicorn-21096.exe
608	Unicorn-21096.exe
2952	Unicorn-40697.exe
2952	Unicorn-40697.exe
2696	Unicorn-50240.exe
2696	Unicorn-50240.exe
1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe
1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe
624	Unicorn-22680.exe
624	Unicorn-22680.exe
2132	Unicorn-4137.exe
2964	Unicorn-40962.exe
2976	Unicorn-40038.exe
2964	Unicorn-40962.exe
2132	Unicorn-4137.exe
2976	Unicorn-40038.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
2876	WerFault.exe
1892	Unicorn-18876.exe
1892	Unicorn-18876.exe
2876	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2948	2112	WerFault.exe	36
2876	2008	WerFault.exe	42
2924	1692	WerFault.exe	50
2092	608	WerFault.exe	43
2088	2872	WerFault.exe	72
2788	2812	WerFault.exe	87
108	2712	WerFault.exe	61
2032	2832	WerFault.exe	71
1452	2468	WerFault.exe	74
3984	2444	WerFault.exe	82
3248	2848	WerFault.exe	135
3148	1320	WerFault.exe	94
3364	280	WerFault.exe	39
3940	2728	WerFault.exe	62
4028	1060	WerFault.exe	75
3848	2768	WerFault.exe	66
4352	236	WerFault.exe	111
4364	2720	WerFault.exe	107
4400	3008	WerFault.exe	60
4428	2772	WerFault.exe	68
4416	1052	WerFault.exe	77
4392	2148	WerFault.exe	49
4856	1120	WerFault.exe	99
4916	320	WerFault.exe	178
4904	2828	WerFault.exe	131
5068	884	WerFault.exe	110
5224	1332	WerFault.exe	95
6116	2108	WerFault.exe	81
6100	2292	WerFault.exe	76
6084	1760	WerFault.exe	91
6072	1296	WerFault.exe	155
6132	912	WerFault.exe	101
4596	2968	WerFault.exe	117
5196	2084	WerFault.exe	114
5180	2616	WerFault.exe	108
5188	1864	WerFault.exe	100
2252	2628	WerFault.exe	65
2344	1876	WerFault.exe	141
5548	536	WerFault.exe	147
2248	2512	WerFault.exe	121
5796	1868	WerFault.exe	85
5840	2864	WerFault.exe	139
5908	2472	WerFault.exe	126
5916	2360	WerFault.exe	123
5888	2456	WerFault.exe	127
5872	2708	WerFault.exe	129
5860	1800	WerFault.exe	146
5856	2412	WerFault.exe	79
6208	860	WerFault.exe	93
6236	1492	WerFault.exe	69
6248	1668	WerFault.exe	137
6264	1240	WerFault.exe	149
7036	1676	WerFault.exe	157
7024	2076	WerFault.exe	153
7004	1648	WerFault.exe	119
7088	2232	WerFault.exe	96
7140	2620	WerFault.exe	133
6776	4016	WerFault.exe	244
6804	2632	WerFault.exe	159
6796	2180	WerFault.exe	154
6772	1680	WerFault.exe	59
7108	1040	WerFault.exe	140
6532	1776	WerFault.exe	116
6516	2688	WerFault.exe	122

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41756.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6079.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3074.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10669.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51875.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29394.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6535.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61792.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42401.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8890.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe
1892	Unicorn-18876.exe
1124	Unicorn-8652.exe
2696	Unicorn-50240.exe
2820	Unicorn-31294.exe
2132	Unicorn-4137.exe
2112	Unicorn-33907.exe
2976	Unicorn-40038.exe
280	Unicorn-52015.exe
1932	Unicorn-34392.exe
624	Unicorn-22680.exe
2952	Unicorn-40697.exe
608	Unicorn-21096.exe
2964	Unicorn-40962.exe
2008	Unicorn-34831.exe
604	Unicorn-10510.exe
1908	Unicorn-35107.exe
2836	Unicorn-21371.exe
1736	Unicorn-53297.exe
2148	Unicorn-41237.exe
1692	Unicorn-53297.exe
272	Unicorn-25184.exe
2844	Unicorn-57195.exe
1048	Unicorn-45513.exe
2564	Unicorn-27231.exe
2168	Unicorn-3089.exe
1816	Unicorn-25647.exe
1680	Unicorn-47962.exe
3008	Unicorn-8455.exe
2712	Unicorn-49799.exe
2728	Unicorn-45980.exe
2888	Unicorn-6893.exe
2772	Unicorn-5502.exe
1492	Unicorn-55994.exe
2628	Unicorn-17200.exe
2768	Unicorn-52565.exe
2872	Unicorn-37428.exe
2868	Unicorn-62124.exe
2832	Unicorn-17562.exe
1312	Unicorn-54532.exe
2468	Unicorn-48045.exe
1060	Unicorn-10400.exe
2292	Unicorn-41896.exe
1052	Unicorn-5694.exe
1740	Unicorn-25560.exe
2412	Unicorn-56286.exe
2444	Unicorn-16022.exe
2108	Unicorn-61693.exe
2060	Unicorn-65122.exe
1772	Unicorn-54916.exe
1812	Unicorn-5615.exe
1868	Unicorn-29457.exe
2744	Unicorn-58808.exe
2812	Unicorn-22414.exe
2280	Unicorn-59384.exe
2612	Unicorn-52400.exe
2596	Unicorn-36634.exe
1760	Unicorn-39902.exe
860	Unicorn-17475.exe
2232	Unicorn-28357.exe
1320	Unicorn-24251.exe
1332	Unicorn-24251.exe
2184	Unicorn-28357.exe
1344	Unicorn-26310.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 1892	1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe	30
PID 1792 wrote to memory of 1892	1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe	30
PID 1792 wrote to memory of 1892	1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe	30
PID 1792 wrote to memory of 1892	1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe	30
PID 1892 wrote to memory of 1124	1892	Unicorn-18876.exe	31
PID 1892 wrote to memory of 1124	1892	Unicorn-18876.exe	31
PID 1892 wrote to memory of 1124	1892	Unicorn-18876.exe	31
PID 1892 wrote to memory of 1124	1892	Unicorn-18876.exe	31
PID 1792 wrote to memory of 2696	1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe	32
PID 1792 wrote to memory of 2696	1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe	32
PID 1792 wrote to memory of 2696	1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe	32
PID 1792 wrote to memory of 2696	1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe	32
PID 1124 wrote to memory of 2820	1124	Unicorn-8652.exe	33
PID 1124 wrote to memory of 2820	1124	Unicorn-8652.exe	33
PID 1124 wrote to memory of 2820	1124	Unicorn-8652.exe	33
PID 1124 wrote to memory of 2820	1124	Unicorn-8652.exe	33
PID 1892 wrote to memory of 2132	1892	Unicorn-18876.exe	34
PID 1892 wrote to memory of 2132	1892	Unicorn-18876.exe	34
PID 1892 wrote to memory of 2132	1892	Unicorn-18876.exe	34
PID 1892 wrote to memory of 2132	1892	Unicorn-18876.exe	34
PID 1792 wrote to memory of 2112	1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe	36
PID 1792 wrote to memory of 2112	1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe	36
PID 1792 wrote to memory of 2112	1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe	36
PID 1792 wrote to memory of 2112	1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe	36
PID 2696 wrote to memory of 2976	2696	Unicorn-50240.exe	35
PID 2696 wrote to memory of 2976	2696	Unicorn-50240.exe	35
PID 2696 wrote to memory of 2976	2696	Unicorn-50240.exe	35
PID 2696 wrote to memory of 2976	2696	Unicorn-50240.exe	35
PID 2820 wrote to memory of 1932	2820	Unicorn-31294.exe	38
PID 2820 wrote to memory of 1932	2820	Unicorn-31294.exe	38
PID 2820 wrote to memory of 1932	2820	Unicorn-31294.exe	38
PID 2820 wrote to memory of 1932	2820	Unicorn-31294.exe	38
PID 1124 wrote to memory of 280	1124	Unicorn-8652.exe	39
PID 1124 wrote to memory of 280	1124	Unicorn-8652.exe	39
PID 1124 wrote to memory of 280	1124	Unicorn-8652.exe	39
PID 1124 wrote to memory of 280	1124	Unicorn-8652.exe	39
PID 2976 wrote to memory of 624	2976	Unicorn-40038.exe	40
PID 2976 wrote to memory of 624	2976	Unicorn-40038.exe	40
PID 2976 wrote to memory of 624	2976	Unicorn-40038.exe	40
PID 2976 wrote to memory of 624	2976	Unicorn-40038.exe	40
PID 1792 wrote to memory of 2952	1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe	41
PID 1792 wrote to memory of 2952	1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe	41
PID 1792 wrote to memory of 2952	1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe	41
PID 1792 wrote to memory of 2952	1792	4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe	41
PID 2696 wrote to memory of 608	2696	Unicorn-50240.exe	43
PID 2696 wrote to memory of 608	2696	Unicorn-50240.exe	43
PID 2696 wrote to memory of 608	2696	Unicorn-50240.exe	43
PID 2696 wrote to memory of 608	2696	Unicorn-50240.exe	43
PID 1892 wrote to memory of 2008	1892	Unicorn-18876.exe	42
PID 1892 wrote to memory of 2008	1892	Unicorn-18876.exe	42
PID 1892 wrote to memory of 2008	1892	Unicorn-18876.exe	42
PID 1892 wrote to memory of 2008	1892	Unicorn-18876.exe	42
PID 2112 wrote to memory of 2948	2112	Unicorn-33907.exe	44
PID 2112 wrote to memory of 2948	2112	Unicorn-33907.exe	44
PID 2112 wrote to memory of 2948	2112	Unicorn-33907.exe	44
PID 2112 wrote to memory of 2948	2112	Unicorn-33907.exe	44
PID 2132 wrote to memory of 2964	2132	Unicorn-4137.exe	45
PID 2132 wrote to memory of 2964	2132	Unicorn-4137.exe	45
PID 2132 wrote to memory of 2964	2132	Unicorn-4137.exe	45
PID 2132 wrote to memory of 2964	2132	Unicorn-4137.exe	45
PID 280 wrote to memory of 604	280	Unicorn-52015.exe	46
PID 280 wrote to memory of 604	280	Unicorn-52015.exe	46
PID 280 wrote to memory of 604	280	Unicorn-52015.exe	46
PID 280 wrote to memory of 604	280	Unicorn-52015.exe	46

C:\Users\Admin\AppData\Local\Temp\4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe
"C:\Users\Admin\AppData\Local\Temp\4a11254f2a9b2b5bf1c255802ed84737652b47438a317e6f98f7ac0d66c485f1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18876.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18876.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8652.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62124.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28165.exe
        8⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49540.exe
        9⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
        9⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
        9⤵
        Program crash
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39404.exe
        8⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        8⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        8⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14009.exe
        8⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46594.exe
        8⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        8⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57500.exe
        7⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34574.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        9⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
        8⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
        8⤵
        Program crash
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30581.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10171.exe
        8⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56606.exe
        8⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
        7⤵
        Program crash
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17562.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
        8⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        9⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25886.exe
        8⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        8⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exe
        8⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4889.exe
        8⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 216
        8⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 216
        7⤵
        Program crash
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61792.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
        8⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
        7⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22675.exe
        7⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18397.exe
        7⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 216
        7⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50261.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25325.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
        6⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
        6⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1052.exe
        6⤵
        
        PID:7100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
        6⤵
        
        PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17200.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
        7⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
        8⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        9⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29005.exe
        9⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
        9⤵
        Program crash
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20951.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        8⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4663.exe
        8⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
        8⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4812.exe
        7⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
        8⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27910.exe
        8⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34048.exe
        8⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13554.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
        8⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32548.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42685.exe
        7⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        7⤵
        Program crash
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
        6⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61792.exe
        7⤵
        
        PID:3300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
        7⤵
        Program crash
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5497.exe
        6⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
        6⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
        6⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        6⤵
        
        PID:7508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
        6⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1522.exe
        6⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16593.exe
        7⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        8⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 216
        8⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
        7⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
        7⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47874.exe
        6⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
        7⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
        7⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60419.exe
        7⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35745.exe
        7⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25039.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14755.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
        6⤵
        Program crash
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        6⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43806.exe
        7⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27910.exe
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13554.exe
        7⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        7⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        6⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        6⤵
        
        PID:6032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 220
        6⤵
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        5⤵
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 216
        6⤵
        Program crash
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47338.exe
        5⤵
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63029.exe
        5⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5998.exe
        5⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7492.exe
        5⤵
        
        PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36801.exe
        5⤵
        
        PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8016.exe
        5⤵
        
        PID:10016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52015.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6893.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17475.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64.exe
        8⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        9⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        9⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        9⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2944.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17058.exe
        8⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 216
        8⤵
        Program crash
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40089.exe
        7⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
        8⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        7⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        7⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53891.exe
        7⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33401.exe
        7⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15814.exe
        7⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15732.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        8⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60419.exe
        8⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19216.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
        7⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 220
        7⤵
        Program crash
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33212.exe
        6⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
        7⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 216
        7⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35373.exe
        6⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38846.exe
        6⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
        6⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5419.exe
        6⤵
        
        PID:7444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11870.exe
        6⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exe
        6⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
        6⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41756.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52695.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26544.exe
        7⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        7⤵
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
        6⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
        7⤵
        
        PID:9356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        6⤵
        Program crash
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55667.exe
        5⤵
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12041.exe
        6⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30594.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        7⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        7⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
        7⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24459.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22813.exe
        6⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        6⤵
        
        PID:6024
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 220
        6⤵
        Program crash
        
        PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
        5⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3868.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23084.exe
        6⤵
        
        PID:4720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 220
        6⤵
        Program crash
        
        PID:5860
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 240
        5⤵
        Program crash
        
        PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35107.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8455.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58808.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26411.exe
        7⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48611.exe
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26544.exe
        8⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
        8⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22948.exe
        8⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51006.exe
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27536.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
        8⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        7⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        7⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14009.exe
        7⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        7⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        7⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
        6⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40796.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
        7⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        7⤵
        Program crash
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
        6⤵
        
        PID:3372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
        6⤵
        Program crash
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22414.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        6⤵
        Program crash
        
        PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        5⤵
        
        PID:544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43894.exe
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        6⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        6⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
        6⤵
        
        PID:6188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 220
        6⤵
        
        PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        5⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
        5⤵
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57178.exe
        5⤵
        
        PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        5⤵
        
        PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29768.exe
        5⤵
        
        PID:7888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
        5⤵
        
        PID:8876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49799.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40137.exe
        6⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24943.exe
        7⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49011.exe
        7⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
        7⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
        7⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        7⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20650.exe
        6⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44879.exe
        6⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8528.exe
        6⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
        6⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        6⤵
        
        PID:7804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
        6⤵
        
        PID:8668
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        5⤵
        Program crash
        
        PID:108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
        5⤵
        
        PID:288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62067.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        6⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
        6⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 236
        6⤵
        
        PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28496.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22813.exe
        5⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        5⤵
        
        PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        5⤵
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        5⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        5⤵
        
        PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55087.exe
        5⤵
        
        PID:10068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
      4⤵
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47433.exe
        5⤵
        
        PID:4988
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 220
        5⤵
        Program crash
        
        PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41332.exe
      4⤵
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
      4⤵
      PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
      4⤵
      PID:5628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
      4⤵
      PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
      4⤵
      PID:7932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
      4⤵
      PID:8932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39945.exe
      4⤵
      PID:6008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40962.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56286.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61797.exe
        7⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33723.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
        9⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 220
        9⤵
        Program crash
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27557.exe
        8⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        8⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
        8⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
        8⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
        7⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25711.exe
        8⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49011.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 220
        8⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
        7⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        7⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
        7⤵
        Program crash
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
        6⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65409.exe
        7⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        8⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
        8⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10669.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29394.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
        7⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        7⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
        6⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16809.exe
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6258.exe
        7⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57619.exe
        7⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        7⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55025.exe
        6⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24180.exe
        6⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
        6⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7282.exe
        6⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11870.exe
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41205.exe
        6⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40993.exe
        6⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2285.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
        8⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
        7⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
        7⤵
        Program crash
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
        6⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49637.exe
        7⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48433.exe
        7⤵
        
        PID:9644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        6⤵
        
        PID:4448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
        6⤵
        Program crash
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22418.exe
        5⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20677.exe
        6⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        7⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        7⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 212
        7⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        6⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
        6⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
        6⤵
        
        PID:6332
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
        6⤵
        
        PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14189.exe
        5⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
        6⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        6⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        6⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55092.exe
        5⤵
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60476.exe
        5⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51288.exe
        5⤵
        
        PID:7648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6535.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45405.exe
        5⤵
        
        PID:9188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3089.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
        6⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
        7⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        7⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        7⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 216
        7⤵
        Program crash
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44532.exe
        6⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-244.exe
        7⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        7⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22813.exe
        6⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        6⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4663.exe
        6⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64960.exe
        6⤵
        
        PID:7488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        6⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
        6⤵
        
        PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63359.exe
        5⤵
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48362.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39804.exe
        6⤵
        
        PID:4120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 220
        6⤵
        Program crash
        
        PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6736.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28679.exe
        5⤵
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        5⤵
        
        PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
        5⤵
        
        PID:7540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65122.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38684.exe
        5⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        6⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43972.exe
        6⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        6⤵
        
        PID:6324
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 236
        6⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        5⤵
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53540.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        5⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        5⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        5⤵
        
        PID:8948
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
        5⤵
        
        PID:10056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14750.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exe
        5⤵
        
        PID:5088
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 240
        5⤵
        Program crash
        
        PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17484.exe
      4⤵
      PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8706.exe
      4⤵
      PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32601.exe
      4⤵
      PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
      4⤵
      PID:8924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
      4⤵
      PID:10036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34831.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34831.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2008
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47962.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54916.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44029.exe
        6⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        7⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27910.exe
        7⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
        7⤵
        Program crash
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        6⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        6⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        6⤵
        
        PID:932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
        6⤵
        Program crash
        
        PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
        5⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        6⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        6⤵
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        6⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        6⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1137.exe
        5⤵
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        5⤵
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17292.exe
        5⤵
        
        PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16488.exe
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        5⤵
        
        PID:8196
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
        5⤵
        
        PID:9276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42315.exe
      4⤵
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31834.exe
        5⤵
        
        PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12622.exe
        5⤵
        
        PID:4944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        5⤵
        Program crash
        
        PID:5872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
      4⤵
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
      4⤵
      PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
      4⤵
      PID:5608
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
      4⤵
      Program crash
      PID:6772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29457.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12596.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
        5⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43156.exe
        5⤵
        
        PID:4584
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
        5⤵
        Program crash
        
        PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exe
      4⤵
      PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
      4⤵
      PID:4152
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
      4⤵
      Program crash
      PID:5796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36715.exe
    3⤵
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63930.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
      4⤵
      PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
      4⤵
      PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27911.exe
      4⤵
      PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
      4⤵
      PID:7384
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 216
      4⤵
      PID:9108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
    3⤵
    PID:4064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2557.exe
    3⤵
    PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
    3⤵
    PID:5972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
    3⤵
    PID:7120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31624.exe
    3⤵
    PID:7832
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 236
    3⤵
    PID:3764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50240.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50240.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27231.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41896.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4044.exe
        7⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
        8⤵
        
        PID:3620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 236 -s 236
        8⤵
        Program crash
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
        7⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21755.exe
        8⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        7⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
        7⤵
        Program crash
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41931.exe
        6⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
        7⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58995.exe
        8⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25462.exe
        9⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12013.exe
        9⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        9⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53899.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
        8⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
        8⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
        8⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6328.exe
        8⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25915.exe
        8⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50720.exe
        8⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10669.exe
        8⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14755.exe
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        7⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        7⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42476.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
        7⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        7⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        7⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        7⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32870.exe
        7⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20279.exe
        7⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3603.exe
        6⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34019.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57178.exe
        6⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        6⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60494.exe
        6⤵
        
        PID:7828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
        6⤵
        
        PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
        6⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
        7⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe
        8⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56613.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        7⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9187.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
        7⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        7⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37345.exe
        7⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        6⤵
        
        PID:3104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
        6⤵
        Program crash
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60929.exe
        5⤵
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17771.exe
        6⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27910.exe
        7⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
        7⤵
        Program crash
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
        6⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        6⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
        6⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
        6⤵
        
        PID:7176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 236
        6⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62622.exe
        5⤵
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        6⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55124.exe
        6⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7689.exe
        6⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41536.exe
        6⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        6⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31585.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
        5⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-393.exe
        5⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
        5⤵
        
        PID:7196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20349.exe
        5⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
        5⤵
        
        PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16022.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62181.exe
        6⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
        7⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41210.exe
        7⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 220
        7⤵
        Program crash
        
        PID:5908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
        6⤵
        Program crash
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
        5⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21336.exe
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        6⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        6⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
        6⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58937.exe
        6⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41083.exe
        6⤵
        
        PID:8336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60282.exe
        6⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
        5⤵
        
        PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        5⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
        5⤵
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59467.exe
        5⤵
        
        PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        5⤵
        
        PID:8236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33416.exe
        5⤵
        
        PID:9312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5615.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62181.exe
        5⤵
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
        6⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41210.exe
        6⤵
        
        PID:4336
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
        6⤵
        Program crash
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
        5⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        5⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        5⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        5⤵
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        5⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        5⤵
        
        PID:8984
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 236
        5⤵
        
        PID:9504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41304.exe
      4⤵
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
        5⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
        6⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
        6⤵
        Program crash
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        5⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
        5⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
        5⤵
        
        PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30149.exe
        5⤵
        
        PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        5⤵
        
        PID:8936
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
        5⤵
        
        PID:10004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
      4⤵
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
        5⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21164.exe
        5⤵
        
        PID:7020
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 220
        5⤵
        
        PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15050.exe
      4⤵
      PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42609.exe
      4⤵
      PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44399.exe
      4⤵
      PID:5464
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
      4⤵
      PID:6496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53297.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
        5⤵
        Program crash
        
        PID:2924
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 236
      4⤵
      Program crash
      PID:2092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25184.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25184.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37428.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2872
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        5⤵
        Program crash
        
        PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19634.exe
        5⤵
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51564.exe
        6⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29798.exe
        6⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        6⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
        6⤵
        
        PID:6256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 236
        6⤵
        
        PID:8252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
        5⤵
        Program crash
        
        PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11365.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25851.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16972.exe
        6⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
        6⤵
        
        PID:5236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 240
        6⤵
        Program crash
        
        PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41319.exe
        5⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22076.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22675.exe
        5⤵
        
        PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63130.exe
        5⤵
        
        PID:7388
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
        5⤵
        
        PID:8308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62150.exe
      4⤵
      PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50740.exe
      4⤵
      PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57178.exe
      4⤵
      PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
      4⤵
      PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37936.exe
      4⤵
      PID:7172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
      4⤵
      PID:8276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37616.exe
      4⤵
      PID:10172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48045.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
      4⤵
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
        5⤵
        
        PID:484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
        6⤵
        
        PID:9516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23940.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        5⤵
        
        PID:5692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
        5⤵
        Program crash
        
        PID:7004
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
      4⤵
      Program crash
      PID:1452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
    3⤵
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41210.exe
      4⤵
      PID:4360
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 220
      4⤵
      Program crash
      PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
    3⤵
    PID:3684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9889.exe
    3⤵
    PID:4840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
    3⤵
    PID:5920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
    3⤵
    PID:7112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
    3⤵
    PID:7500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
    3⤵
    PID:8992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24544.exe
    3⤵
    PID:9704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33907.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33907.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2112
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40697.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40697.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53297.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45980.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36634.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
        6⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48362.exe
        7⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        7⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
        7⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 220
        7⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22813.exe
        6⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5136
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        6⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14952.exe
        5⤵
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47127.exe
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26072.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        7⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        7⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60505.exe
        6⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
        6⤵
        
        PID:5288
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
        6⤵
        Program crash
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
        5⤵
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55750.exe
        6⤵
        
        PID:9552
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
        5⤵
        Program crash
        
        PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39902.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41569.exe
        5⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
        6⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42450.exe
        7⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15772.exe
        6⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        6⤵
        
        PID:5712
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 216
        6⤵
        Program crash
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21122.exe
        5⤵
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        6⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        5⤵
        
        PID:3672
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
        5⤵
        Program crash
        
        PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35439.exe
      4⤵
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15305.exe
        5⤵
        
        PID:3336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
        5⤵
        Program crash
        
        PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15040.exe
      4⤵
      PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44518.exe
      4⤵
      PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57178.exe
      4⤵
      PID:1192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
      4⤵
      PID:7248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
      4⤵
      PID:8240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37616.exe
      4⤵
      PID:10152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52565.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        5⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
        6⤵
        
        PID:8076
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 216
        6⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41838.exe
        5⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        5⤵
        
        PID:5728
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
        5⤵
        Program crash
        
        PID:7088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15393.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30125.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56606.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8612
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
      4⤵
      Program crash
      PID:3848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
    3⤵
    - Executes dropped EXE
    PID:1120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44989.exe
      4⤵
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        5⤵
        
        PID:4092
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
        5⤵
        Program crash
        
        PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53816.exe
      4⤵
      PID:3260
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 220
      4⤵
      Program crash
      PID:4856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24688.exe
    3⤵
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
      4⤵
      PID:9368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
    3⤵
    PID:3520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
    3⤵
    PID:5684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31779.exe
    3⤵
    PID:6980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
    3⤵
    PID:7456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
    3⤵
    PID:8860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45405.exe
    3⤵
    PID:8364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57195.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57195.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54532.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34771.exe
      4⤵
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
        5⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
        6⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62778.exe
        6⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
        6⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57619.exe
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        6⤵
        
        PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20650.exe
        5⤵
        
        PID:3664
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
        5⤵
        Program crash
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18901.exe
      4⤵
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
        5⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21164.exe
        5⤵
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25748.exe
        5⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10669.exe
        5⤵
        
        PID:8388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
      4⤵
      PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
      4⤵
      PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
      4⤵
      PID:6316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
      4⤵
      PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51875.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
      4⤵
      PID:4076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62544.exe
    3⤵
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8170.exe
        5⤵
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        5⤵
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-393.exe
        5⤵
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        5⤵
        
        PID:9204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59752.exe
        5⤵
        
        PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
      4⤵
      PID:4472
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 220
      4⤵
      Program crash
      PID:5196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
    3⤵
    PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
      4⤵
      PID:9376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60920.exe
    3⤵
    PID:4440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
    3⤵
    PID:5156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
    3⤵
    PID:6824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8813.exe
    3⤵
    PID:7528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
    3⤵
    PID:112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
    3⤵
    PID:9980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10400.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10400.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27911.exe
    3⤵
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
      4⤵
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
        5⤵
        
        PID:6168
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 236
        5⤵
        
        PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
      4⤵
      PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
      4⤵
      PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
      4⤵
      PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
      4⤵
      PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34809.exe
      4⤵
      PID:8888
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 220
      4⤵
      PID:1524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46120.exe
    3⤵
    PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
      4⤵
      PID:9264
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 240
    3⤵
    - Program crash
    PID:4028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
  2⤵
  PID:2848
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 220
    3⤵
    - Program crash
    PID:3248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56941.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56941.exe
  2⤵
  PID:3488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
  2⤵
  PID:4868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
  2⤵
  PID:5484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18383.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18383.exe
  2⤵
  PID:6788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44150.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44150.exe
  2⤵
  PID:8108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4947.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4947.exe
  2⤵
  PID:8980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64881.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64881.exe
  2⤵
  PID:9720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe

Filesize
468KB

MD5
83a6ff153f47d4ec978927b96da7df75

SHA1
f109dc5126d5876b48d0d5a55ebe26e01b8297d9

SHA256
9dcfb8b1a3624fedcea83bf1867a34290816f558eddbafb6f7579ba046857e7e

SHA512
ac934c23f7f3218be9f9db13ec3642e69dd69ac898aa0c4dccb80a126246be5f273128e77bdc596ef182139430d3c595ac4d0ab49d33aa27d498839d9876c34a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe

Filesize
468KB

MD5
3c681ddc67ebb174d54f6e40aa4293cd

SHA1
eb2429abc356775a7ebd983d30b4a14cf9353c90

SHA256
c43dc50d00dbbcb2e0ab682d8c297ce1ba6b2d6e3320a9efe3a997e8cf9d19d3

SHA512
9ebe2f7a0bf7b41500cc3a949adac880a57be3323f967556692ef7b3839dcb6ad391f9b055bc3fd4e87d039574c0a83c5bcfdfd488f07459d0d0434826c06762

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31585.exe

Filesize
468KB

MD5
a2b0f84572e8333931b838e76ba04cdc

SHA1
b7b16d6e985af5142f1ab9e773ca7d6bfb5b6ad2

SHA256
a5ae5df8ddb924641fde35bd65e6e2ecbe43863b41ce25b1835839cf5ed7334c

SHA512
6716a0b904bc53a2aeaf32a805cae1eb2314943680bda5b19cdc0703f71e33cd4bfc2d2f381de156ed176e32f13077636e5505b0b350a4205ceb3b144071a8e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31624.exe

Filesize
468KB

MD5
bad23e69892a0badd17fe9ec9e14ef38

SHA1
2c11501e9873922438d8750ea4243588f9174f7b

SHA256
84dec1b85c6ea7b75bd6ccd6484d8708879b99b5fb20e48f2ea25d49c16406ed

SHA512
42214a20196ca0706041826bbecfe25d9c7038b55605cb5bcd70e78a3c4c3d0a1eab1d661a4ba0b4524b9762b861fca72e2558f51c2dade05b0ee49f94b75bcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34831.exe

Filesize
468KB

MD5
7a2a68c5c42535f4c5464e844af6c4ee

SHA1
a202c13b0419ac49a97d4cdeb593f177927cc0fd

SHA256
18c067407fb16aaad3a10b062583cf9d77a686e0959d1ea0ecdcc1a66af61399

SHA512
5b8c574a097f899964b5c3afcf1e09ead3f36d28fdef1918b831c7b6bc0918771470c96b739b58a5be532ef410baf49fb7dd5484c6a645ba5f4052c330e81ac2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40089.exe

Filesize
468KB

MD5
b58743986a4e4b9d7c593039882c14aa

SHA1
2cba9b948b5ae55e2eca8329f99670468a4eef31

SHA256
62ce4c256888cea78fd9521dcfa1a9691e5abd055b8c2255ef10c38f553d62fd

SHA512
76b6740f197b52f6caa860531ba21f6809c02a41783dcf679783d6f8fc12f23bc14cc524a8c962e379a5f99efde824b8a5955547f5a01232bbb915ada422be73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40697.exe

Filesize
468KB

MD5
98bf63123881527151d72c5c80cfd16a

SHA1
ce4c9cac6d89f914bd46b9619a47a98865e14508

SHA256
0b4d50a3a5a85873f1b93808a0960e5c61b03d37ed564f027ba4a6ecd6a452d5

SHA512
8458d603914dfc61ce257475ff3d4c2351dd82c934e4a164504ef1ba5f2f2e32490f4abd41a87792051962e829c067f6f39c75d32921bef97907c0012c2a6eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40962.exe

Filesize
468KB

MD5
ed1b7f95153d0fea38797aeee092f66f

SHA1
7f0190387c7d9d22862f48e33ee93e5ba965bd3f

SHA256
32dfb3c31fce0504427fcf996f430c140b6444acc65d11481b9492ecd2dbb021

SHA512
19bbfb18867da3f6141e1b3f0652d2092c5d7953462c4dfe13f7f049ed6d9f4ca02b59e75842532e85e40631a8c3a92fd6c7cbaf6d842a352e8cb768f7b9622b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50240.exe

Filesize
468KB

MD5
e86ee01a6b58889cda92e2d4a6a00f03

SHA1
736afa26b8e29ce246df4c13d385a7c0b0927104

SHA256
376ecd523ffdd7259e092c542711fef9237ecc0ec7b2d2027f06795babeb3414

SHA512
fe486fc2bfe376841b39fc005fca2a0718f71db29c906491bf95c7b2905c2b6974ee80f3389f3fbaa43d9bd901f61b5695dc5a394d6a7163e8cd01b39eb69468

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60476.exe

Filesize
468KB

MD5
5c45e4431278bf05e0819967bf377d3c

SHA1
0b925116370d14501c93c92c5b8b9aa44b41e41e

SHA256
f036d10c514fe5ae5789a5e0e14a07e4187b3c41a965592535ac45411064b53b

SHA512
d63681a396c2e72d0ea801e5afdd526b0b4036467e8c0f44e91c0e1a24f0d4d5322557f82bb5ae5c3e1f989cd440dc64011a1a715fb4f7a664c4f60027114821

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe

Filesize
468KB

MD5
868920047f70b9ec53469e0f76669c73

SHA1
4e5df82bfa460932b1370eeb545e45ada7a4ba4c

SHA256
10c7aebf570280f4b96796bd5c69ec4aa6f9411909dd28cd98cc8070a502bf1b

SHA512
9978930726ab8ced6fb1bffc593893a18a3d7871415aebb1f0dba7f382bf3ed2331a242379f84a17e82e8f1f3298befcdbb024d137cf5d2a9b33419ed89e9bc5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18876.exe

Filesize
468KB

MD5
255035bbe011796bf46409fd168339d7

SHA1
9118181d8f9e3bcb0f582822631575299870165c

SHA256
864269a11ff26beaa70abdc0470b5d54d6eeb54647119cdb6f8229e6bbd93480

SHA512
0d7343a72eb1a6bee10ee396ae9b253cf4cc01f0204931bde91292968d53e0d19c5b6289262ac13c28a02a97442d236235920bc60a35b1e04d7cd912f978120d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21096.exe

Filesize
468KB

MD5
51cbdc6636baac18439669d8aa152f5e

SHA1
383829e48fcaf20bf36e96a08e51d84b3004e890

SHA256
fcaec104911e467ca41f709db3ddd63d0530f0dc9116e7158274e9dbbc4595d9

SHA512
59bac841d8aa53751cac3c6b7a8bd2a0ca54512f80ebf7e89863e084b1d8041d08417203e31a81d6f44b3d247a70fa6292824f431854272e9c63228adc0b68eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe

Filesize
468KB

MD5
0aee9ef719a45697727fbc6f651e339e

SHA1
ff0fd037ad225be547e355e74c59313024f8a695

SHA256
e23e118d561a655c2a3ef5637b9a42e567ff250160cf0c5695c420f9e2ef82a0

SHA512
a32b88c512bb2c50f6c16e09e82f7102b4890e50c850c399f013f7015dd6f72dce4ca3ed462d39565319ba2641734552942e3c6ba9f144460267f4a70b672f32

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe

Filesize
468KB

MD5
0046a74ec2fb47512fea58c41752cedb

SHA1
f11d5114e1e6832052ab9e60c73bc48f850bb4f9

SHA256
51951ecac61880a2b22da7d7cdc994de57bd7054de40e903d3f8827c05981243

SHA512
f938af3ce53737a344d36a55e65308df1485672b00e9aff24c8a78fc9900cad585803f5699cd454e0f82bcd32bd31dcf7ab6fbcac28ef3a999ddee3fe874aa7e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33907.exe

Filesize
468KB

MD5
767ca1cf804bdc161c7727b80fa849b0

SHA1
3ef30a0f93f6f6af842daad6dced8321d1d3515c

SHA256
4847615727dbcfde62b0187dd851f66543b3bed3a89eb6a5ab5e063230c767f6

SHA512
83c85f267f1d9796b2f15a4c71f683c6dbbd550402fc4bdf3a9005a322078d1b1d9ab25a7ae71d80a0919a7a9dec6ba32f786e756c366f4796c1e8ade5fd2379

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe

Filesize
468KB

MD5
ef53dde0e2a236221fe1ea0851d46bb2

SHA1
b1075c5c1816becd6ba73240b34c251cb5c22c6a

SHA256
ab240a740d34947cee20ed1f9f5949cde7ac3ebac3a7c80ce9dc019368feb792

SHA512
1ddb3aea654742049124f851dcfa79418fb7c640e86445f2d77f00ee11457c05236823728ad2b8f00ce9ba13321a852f3e8130826475de2d79ffb2ce37c6c06c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35107.exe

Filesize
468KB

MD5
2d4a5cd97374e09ac6f3722ff07a468c

SHA1
9539411e739f2e12b9ea48263dfa089831be30dc

SHA256
6b4f5d46ddc82d426a2af95d3f809e7c45f3b16bf60a5e3d0a94d2f918ab3a3e

SHA512
a1d2da7887a062de39d0065e80ae8614ae041c2d37f1a5d8960573c2588eb1ac29d0e2e2563f6e4614f119217d3ee4981ccc8c59b1c419ccbd64409c68277348

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe

Filesize
468KB

MD5
4fffddc653739ecfe4a47f7414490d07

SHA1
aa24c7876c907d960957e0565b68b052b56ee476

SHA256
773d056367875ccc2834dd88777a34f883ad80a82c3b271090d6370fdbb63ce8

SHA512
7930ca01f611ca2934fd4354bcce6f7826fd3a3100062890481127d4973ddc70315a4dd2cdda8a29cb7a86b06cdc637adfb5243189cff37da704480d2b39201e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe

Filesize
468KB

MD5
25a83aca88097352c1acf7f6ed25a48f

SHA1
d2a2ce1278b406fcbfcb95cfe673fca47ee7ebe6

SHA256
93e31e7cacbdc9a33a449ffd6a7f2e9befb3bd472d90724b1374929f4b2f8b51

SHA512
18990f578fc012e6798b7fee61d036d8c16c78c9c6628491ba7e1267781d76974183f754354fd5ab3a36dc474d7edeccfe7b2031f5e251144921c45c74fe4685

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52015.exe

Filesize
468KB

MD5
fc3ca9a9de2828f03f755375239928ba

SHA1
c409928977352957babd83b4df26c2dd7dc82258

SHA256
392cdb7231b872071d0fb8f27369f5258858e254cbc9b74795cdb12383feb0f2

SHA512
c3ee94f18b34ecbc8e4da790204ec7f02518a6d70df4c366e1b41435359f27d2ded33b1000518cb6b3ef490d643440b54e2627055fd0b27158079f88c5b6840c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8652.exe

Filesize
468KB

MD5
a74cdfa75fa4b561b37f186a76b1af31

SHA1
d9201163aad1f7e458afa0a61211ed3358f904a3

SHA256
c12ad548f219f54760481caa9febd16d32459807a3a6596fcb8365a89bb34aa8

SHA512
f1e4b06b3e7dc90c91d96972b42a15379eb6e1cbcae3d3fb68995ad2c4c1ef5f784db5e900712c839e15ba31c849ad6336dcabd0f6644267352c071d857ae201

Download Submit
memory/272-257-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/280-371-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/280-109-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/280-372-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/280-193-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/280-192-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/604-364-0x0000000002830000-0x00000000028A5000-memory.dmp

Filesize
468KB

Download
memory/604-195-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/608-231-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/608-232-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/608-159-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/624-121-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/624-264-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/624-271-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/1048-291-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1124-209-0x0000000002950000-0x00000000029C5000-memory.dmp

Filesize
468KB

Download
memory/1124-210-0x0000000002950000-0x00000000029C5000-memory.dmp

Filesize
468KB

Download
memory/1124-327-0x0000000002950000-0x00000000029C5000-memory.dmp

Filesize
468KB

Download
memory/1124-328-0x0000000002950000-0x00000000029C5000-memory.dmp

Filesize
468KB

Download
memory/1124-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1492-398-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1680-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1736-337-0x0000000001E20000-0x0000000001E95000-memory.dmp

Filesize
468KB

Download
memory/1736-234-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1736-338-0x0000000001E20000-0x0000000001E95000-memory.dmp

Filesize
468KB

Download
memory/1792-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1792-370-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1792-80-0x0000000002960000-0x00000000029D5000-memory.dmp

Filesize
468KB

Download
memory/1792-35-0x0000000003490000-0x0000000003505000-memory.dmp

Filesize
468KB

Download
memory/1792-401-0x0000000003490000-0x0000000003505000-memory.dmp

Filesize
468KB

Download
memory/1792-402-0x0000000002960000-0x00000000029D5000-memory.dmp

Filesize
468KB

Download
memory/1792-254-0x0000000003490000-0x0000000003505000-memory.dmp

Filesize
468KB

Download
memory/1792-154-0x0000000003490000-0x0000000003505000-memory.dmp

Filesize
468KB

Download
memory/1792-258-0x0000000003490000-0x0000000003505000-memory.dmp

Filesize
468KB

Download
memory/1792-12-0x0000000002960000-0x00000000029D5000-memory.dmp

Filesize
468KB

Download
memory/1792-11-0x0000000003490000-0x0000000003505000-memory.dmp

Filesize
468KB

Download
memory/1816-293-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1892-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1892-60-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/1892-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1892-158-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/1892-153-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/1892-301-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/1892-24-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/1892-302-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/1908-317-0x0000000001CA0000-0x0000000001D15000-memory.dmp

Filesize
468KB

Download
memory/1908-211-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1908-318-0x0000000001CA0000-0x0000000001D15000-memory.dmp

Filesize
468KB

Download
memory/1932-223-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/1932-399-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/1932-400-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/1932-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1932-227-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/2008-160-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2112-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2132-167-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2132-62-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2132-289-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2132-276-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2132-173-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2148-228-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2168-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2564-272-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2628-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2696-253-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2696-36-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2696-70-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2696-155-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2696-156-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2712-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2728-339-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2768-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2772-377-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2820-378-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2820-51-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2820-217-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2820-218-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2832-403-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2836-219-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2836-352-0x0000000001D80000-0x0000000001DF5000-memory.dmp

Filesize
468KB

Download
memory/2836-351-0x0000000001D80000-0x0000000001DF5000-memory.dmp

Filesize
468KB

Download
memory/2844-260-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2844-420-0x00000000025D0000-0x0000000002645000-memory.dmp

Filesize
468KB

Download
memory/2868-404-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2872-405-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2888-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2952-363-0x0000000002680000-0x00000000026F5000-memory.dmp

Filesize
468KB

Download
memory/2952-233-0x0000000002680000-0x00000000026F5000-memory.dmp

Filesize
468KB

Download
memory/2952-157-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2952-354-0x0000000002680000-0x00000000026F5000-memory.dmp

Filesize
468KB

Download
memory/2964-288-0x0000000001CC0000-0x0000000001D35000-memory.dmp

Filesize
468KB

Download
memory/2964-277-0x0000000001CC0000-0x0000000001D35000-memory.dmp

Filesize
468KB

Download
memory/2964-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2976-278-0x0000000001F20000-0x0000000001F95000-memory.dmp

Filesize
468KB

Download
memory/2976-290-0x0000000001F20000-0x0000000001F95000-memory.dmp

Filesize
468KB

Download
memory/3008-319-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download