b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 06:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe
Size

468KB
MD5

7d9a580d511ad998ffd9af564b681bde
SHA1

76d758082d1a316eb92a8ee84a6a52dbcf4badac
SHA256

b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab
SHA512

9de8dd282e21415d40178ba0bad5ece9a1dcd60f22715324f691719603389acca53e93524659382d7183bea391d1d9504b29496509c7ce26f27268d09a0b0144
SSDEEP

3072:1U3/ogbKIE5TtbYfHOxccf8/uC5dPLpknSH3K6Znih0L3dkSrUlW:1UvogMTtQHiccfe1nDihONkSr

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2176	Unicorn-12133.exe
2360	Unicorn-36611.exe
2056	Unicorn-64645.exe
2788	Unicorn-64950.exe
2332	Unicorn-50338.exe
2432	Unicorn-29171.exe
2648	Unicorn-20806.exe
940	Unicorn-14484.exe
1864	Unicorn-3052.exe
1324	Unicorn-22918.exe
1700	Unicorn-33315.exe
1964	Unicorn-62396.exe
2692	Unicorn-14819.exe
2192	Unicorn-2396.exe
2396	Unicorn-2396.exe
2280	Unicorn-25946.exe
1016	Unicorn-4242.exe
1160	Unicorn-10372.exe
2136	Unicorn-22219.exe
1888	Unicorn-50253.exe
2028	Unicorn-25868.exe
2032	Unicorn-45515.exe
2544	Unicorn-28987.exe
1692	Unicorn-58130.exe
2240	Unicorn-39193.exe
704	Unicorn-61083.exe
2564	Unicorn-34118.exe
2532	Unicorn-29096.exe
1740	Unicorn-4591.exe
884	Unicorn-4206.exe
1728	Unicorn-761.exe
1992	Unicorn-46008.exe
1984	Unicorn-62374.exe
2340	Unicorn-2967.exe
2736	Unicorn-43238.exe
2140	Unicorn-52168.exe
2408	Unicorn-32110.exe
2308	Unicorn-51711.exe
2908	Unicorn-43808.exe
2728	Unicorn-16350.exe
2856	Unicorn-52910.exe
2304	Unicorn-65416.exe
644	Unicorn-36958.exe
1756	Unicorn-45126.exe
2060	Unicorn-12453.exe
820	Unicorn-24300.exe
2880	Unicorn-37844.exe
1604	Unicorn-43974.exe
2476	Unicorn-43709.exe
1308	Unicorn-41212.exe
572	Unicorn-18436.exe
556	Unicorn-38302.exe
1440	Unicorn-48478.exe
1028	Unicorn-2806.exe
2528	Unicorn-19335.exe
2456	Unicorn-17950.exe
304	Unicorn-20220.exe
924	Unicorn-59407.exe
320	Unicorn-26470.exe
2424	Unicorn-51047.exe
532	Unicorn-1846.exe
2164	Unicorn-37149.exe
2960	Unicorn-50885.exe
1752	Unicorn-57015.exe

Loads dropped DLL 64 IoCs

pid	Process
2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe
2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe
2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe
2176	Unicorn-12133.exe
2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe
2176	Unicorn-12133.exe
2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe
2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe
2176	Unicorn-12133.exe
2176	Unicorn-12133.exe
2360	Unicorn-36611.exe
2360	Unicorn-36611.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2788	Unicorn-64950.exe
2788	Unicorn-64950.exe
2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe
2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe
2332	Unicorn-50338.exe
2360	Unicorn-36611.exe
2332	Unicorn-50338.exe
2464	WerFault.exe
2464	WerFault.exe
2464	WerFault.exe
2464	WerFault.exe
2360	Unicorn-36611.exe
2176	Unicorn-12133.exe
2176	Unicorn-12133.exe
2464	WerFault.exe
2648	Unicorn-20806.exe
2648	Unicorn-20806.exe
2788	Unicorn-64950.exe
2788	Unicorn-64950.exe
1864	Unicorn-3052.exe
940	Unicorn-14484.exe
1864	Unicorn-3052.exe
940	Unicorn-14484.exe
2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe
2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe
1324	Unicorn-22918.exe
1324	Unicorn-22918.exe
2360	Unicorn-36611.exe
2360	Unicorn-36611.exe
2332	Unicorn-50338.exe
2332	Unicorn-50338.exe
1700	Unicorn-33315.exe
1700	Unicorn-33315.exe
2176	Unicorn-12133.exe
2176	Unicorn-12133.exe
1964	Unicorn-62396.exe
1964	Unicorn-62396.exe
2648	Unicorn-20806.exe
2692	Unicorn-14819.exe
2648	Unicorn-20806.exe
2692	Unicorn-14819.exe
2788	Unicorn-64950.exe
2788	Unicorn-64950.exe
2192	Unicorn-2396.exe
2192	Unicorn-2396.exe
1864	Unicorn-3052.exe
1864	Unicorn-3052.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2824	2056	WerFault.exe	33
2464	2432	WerFault.exe	37
2292	1016	WerFault.exe	50
3028	2532	WerFault.exe	60
2088	1728	WerFault.exe	63
1588	2308	WerFault.exe	71
868	2060	WerFault.exe	78
1128	1912	WerFault.exe	101
1616	2424	WerFault.exe	94
1808	2340	WerFault.exe	66
2272	556	WerFault.exe	85
2844	2820	WerFault.exe	103
2284	2544	WerFault.exe	56
1868	2164	WerFault.exe	97
1124	2136	WerFault.exe	51
2428	1104	WerFault.exe	118
1356	2480	WerFault.exe	119
3100	2228	WerFault.exe	124
3168	1308	WerFault.exe	83
3196	704	WerFault.exe	58
3220	3060	WerFault.exe	116
3212	1924	WerFault.exe	121
3244	1992	WerFault.exe	64
3760	2472	WerFault.exe	131
3752	1936	WerFault.exe	113
3832	2912	WerFault.exe	102
3880	1756	WerFault.exe	77
3920	2864	WerFault.exe	129
3652	884	WerFault.exe	62
4068	892	WerFault.exe	125
3088	956	WerFault.exe	145
3296	3032	WerFault.exe	135
3512	2476	WerFault.exe	81
3592	1440	WerFault.exe	87
4220	2192	WerFault.exe	46
4208	2456	WerFault.exe	90
4200	1960	WerFault.exe	120
4192	1792	WerFault.exe	110
4244	1160	WerFault.exe	49
4300	820	WerFault.exe	79
4376	2920	WerFault.exe	111
4384	304	WerFault.exe	91
4396	2604	WerFault.exe	105
4408	1000	WerFault.exe	162
4432	2608	WerFault.exe	156
4492	2548	WerFault.exe	163
4760	2020	WerFault.exe	99
4840	2672	WerFault.exe	109
4856	2112	WerFault.exe	127
4884	940	WerFault.exe	39
4908	2960	WerFault.exe	96
4916	2760	WerFault.exe	153
5028	1604	WerFault.exe	82
5036	1964	WerFault.exe	44
5020	2856	WerFault.exe	74
5004	644	WerFault.exe	76
4228	1064	WerFault.exe	161
4596	1552	WerFault.exe	157
4612	1484	WerFault.exe	123
4472	2396	WerFault.exe	47
4500	2528	WerFault.exe	89
4516	532	WerFault.exe	95
4444	2408	WerFault.exe	70
3156	1740	WerFault.exe	61

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31043.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34046.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42209.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36257.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe
2176	Unicorn-12133.exe
2056	Unicorn-64645.exe
2360	Unicorn-36611.exe
2788	Unicorn-64950.exe
2432	Unicorn-29171.exe
2332	Unicorn-50338.exe
2648	Unicorn-20806.exe
940	Unicorn-14484.exe
1864	Unicorn-3052.exe
1324	Unicorn-22918.exe
1700	Unicorn-33315.exe
1964	Unicorn-62396.exe
2692	Unicorn-14819.exe
2192	Unicorn-2396.exe
2396	Unicorn-2396.exe
2280	Unicorn-25946.exe
1016	Unicorn-4242.exe
1160	Unicorn-10372.exe
2136	Unicorn-22219.exe
1888	Unicorn-50253.exe
2028	Unicorn-25868.exe
2032	Unicorn-45515.exe
1692	Unicorn-58130.exe
2544	Unicorn-28987.exe
2240	Unicorn-39193.exe
704	Unicorn-61083.exe
2532	Unicorn-29096.exe
2564	Unicorn-34118.exe
1740	Unicorn-4591.exe
884	Unicorn-4206.exe
1728	Unicorn-761.exe
2340	Unicorn-2967.exe
1984	Unicorn-62374.exe
1992	Unicorn-46008.exe
2736	Unicorn-43238.exe
2140	Unicorn-52168.exe
2408	Unicorn-32110.exe
2308	Unicorn-51711.exe
2908	Unicorn-43808.exe
2728	Unicorn-16350.exe
2856	Unicorn-52910.exe
2304	Unicorn-65416.exe
644	Unicorn-36958.exe
1604	Unicorn-43974.exe
1756	Unicorn-45126.exe
2880	Unicorn-37844.exe
1308	Unicorn-41212.exe
2476	Unicorn-43709.exe
820	Unicorn-24300.exe
2060	Unicorn-12453.exe
572	Unicorn-18436.exe
556	Unicorn-38302.exe
1440	Unicorn-48478.exe
1028	Unicorn-2806.exe
2528	Unicorn-19335.exe
304	Unicorn-20220.exe
2456	Unicorn-17950.exe
924	Unicorn-59407.exe
320	Unicorn-26470.exe
2424	Unicorn-51047.exe
532	Unicorn-1846.exe
2164	Unicorn-37149.exe
1752	Unicorn-57015.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2176	2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	31
PID 2116 wrote to memory of 2176	2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	31
PID 2116 wrote to memory of 2176	2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	31
PID 2116 wrote to memory of 2176	2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	31
PID 2116 wrote to memory of 2360	2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	32
PID 2116 wrote to memory of 2360	2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	32
PID 2116 wrote to memory of 2360	2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	32
PID 2116 wrote to memory of 2360	2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	32
PID 2176 wrote to memory of 2056	2176	Unicorn-12133.exe	33
PID 2176 wrote to memory of 2056	2176	Unicorn-12133.exe	33
PID 2176 wrote to memory of 2056	2176	Unicorn-12133.exe	33
PID 2176 wrote to memory of 2056	2176	Unicorn-12133.exe	33
PID 2056 wrote to memory of 2824	2056	Unicorn-64645.exe	34
PID 2056 wrote to memory of 2824	2056	Unicorn-64645.exe	34
PID 2056 wrote to memory of 2824	2056	Unicorn-64645.exe	34
PID 2056 wrote to memory of 2824	2056	Unicorn-64645.exe	34
PID 2116 wrote to memory of 2788	2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	35
PID 2116 wrote to memory of 2788	2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	35
PID 2116 wrote to memory of 2788	2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	35
PID 2116 wrote to memory of 2788	2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	35
PID 2176 wrote to memory of 2332	2176	Unicorn-12133.exe	36
PID 2176 wrote to memory of 2332	2176	Unicorn-12133.exe	36
PID 2176 wrote to memory of 2332	2176	Unicorn-12133.exe	36
PID 2176 wrote to memory of 2332	2176	Unicorn-12133.exe	36
PID 2360 wrote to memory of 2432	2360	Unicorn-36611.exe	37
PID 2360 wrote to memory of 2432	2360	Unicorn-36611.exe	37
PID 2360 wrote to memory of 2432	2360	Unicorn-36611.exe	37
PID 2360 wrote to memory of 2432	2360	Unicorn-36611.exe	37
PID 2788 wrote to memory of 2648	2788	Unicorn-64950.exe	38
PID 2788 wrote to memory of 2648	2788	Unicorn-64950.exe	38
PID 2788 wrote to memory of 2648	2788	Unicorn-64950.exe	38
PID 2788 wrote to memory of 2648	2788	Unicorn-64950.exe	38
PID 2116 wrote to memory of 940	2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	39
PID 2116 wrote to memory of 940	2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	39
PID 2116 wrote to memory of 940	2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	39
PID 2116 wrote to memory of 940	2116	b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe	39
PID 2432 wrote to memory of 2464	2432	Unicorn-29171.exe	40
PID 2432 wrote to memory of 2464	2432	Unicorn-29171.exe	40
PID 2432 wrote to memory of 2464	2432	Unicorn-29171.exe	40
PID 2432 wrote to memory of 2464	2432	Unicorn-29171.exe	40
PID 2360 wrote to memory of 1864	2360	Unicorn-36611.exe	42
PID 2360 wrote to memory of 1864	2360	Unicorn-36611.exe	42
PID 2360 wrote to memory of 1864	2360	Unicorn-36611.exe	42
PID 2360 wrote to memory of 1864	2360	Unicorn-36611.exe	42
PID 2332 wrote to memory of 1324	2332	Unicorn-50338.exe	41
PID 2332 wrote to memory of 1324	2332	Unicorn-50338.exe	41
PID 2332 wrote to memory of 1324	2332	Unicorn-50338.exe	41
PID 2332 wrote to memory of 1324	2332	Unicorn-50338.exe	41
PID 2176 wrote to memory of 1700	2176	Unicorn-12133.exe	43
PID 2176 wrote to memory of 1700	2176	Unicorn-12133.exe	43
PID 2176 wrote to memory of 1700	2176	Unicorn-12133.exe	43
PID 2176 wrote to memory of 1700	2176	Unicorn-12133.exe	43
PID 2648 wrote to memory of 1964	2648	Unicorn-20806.exe	44
PID 2648 wrote to memory of 1964	2648	Unicorn-20806.exe	44
PID 2648 wrote to memory of 1964	2648	Unicorn-20806.exe	44
PID 2648 wrote to memory of 1964	2648	Unicorn-20806.exe	44
PID 2788 wrote to memory of 2692	2788	Unicorn-64950.exe	45
PID 2788 wrote to memory of 2692	2788	Unicorn-64950.exe	45
PID 2788 wrote to memory of 2692	2788	Unicorn-64950.exe	45
PID 2788 wrote to memory of 2692	2788	Unicorn-64950.exe	45
PID 1864 wrote to memory of 2192	1864	Unicorn-3052.exe	46
PID 1864 wrote to memory of 2192	1864	Unicorn-3052.exe	46
PID 1864 wrote to memory of 2192	1864	Unicorn-3052.exe	46
PID 1864 wrote to memory of 2192	1864	Unicorn-3052.exe	46

C:\Users\Admin\AppData\Local\Temp\b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe
"C:\Users\Admin\AppData\Local\Temp\b8dd615cb4b0f581437a769982a23f0ffd46a87c2c2fe54b4b1bcfe8d3bc10ab.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12133.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12133.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64645.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2056
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50338.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24836.exe
        7⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41634.exe
        8⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 220
        9⤵
        Program crash
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41846.exe
        8⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4852.exe
        9⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        9⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 224
        9⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
        8⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 228
        8⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53154.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12071.exe
        9⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18793.exe
        8⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21060.exe
        8⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45559.exe
        8⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24465.exe
        8⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
        8⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        8⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30842.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49769.exe
        7⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
        7⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20358.exe
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24996.exe
        7⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29581.exe
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52653.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37710.exe
        7⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53787.exe
        6⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42620.exe
        7⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1589.exe
        8⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15144.exe
        8⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 220
        8⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 228
        7⤵
        Program crash
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21725.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
        7⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31394.exe
        7⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27591.exe
        7⤵
        
        PID:780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 248
        6⤵
        Program crash
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16350.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33087.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46834.exe
        7⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        8⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39646.exe
        8⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 224
        8⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 228
        7⤵
        Program crash
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25105.exe
        6⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5814.exe
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        7⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16252.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2974.exe
        7⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13888.exe
        6⤵
        
        PID:4868
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 248
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33972.exe
        5⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58520.exe
        6⤵
        
        PID:956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 224
        7⤵
        Program crash
        
        PID:3088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
        6⤵
        Program crash
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30928.exe
        5⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4587.exe
        6⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56441.exe
        7⤵
        
        PID:8628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 248
        6⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        5⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47422.exe
        6⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        5⤵
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41427.exe
        5⤵
        
        PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
        5⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6459.exe
        5⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
        5⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25056.exe
        5⤵
        
        PID:9224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46008.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
        6⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48383.exe
        8⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64301.exe
        8⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        8⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
        7⤵
        Program crash
        
        PID:4840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 248
        6⤵
        Program crash
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
        5⤵
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        6⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34968.exe
        7⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-619.exe
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
        7⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22117.exe
        7⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59846.exe
        7⤵
        
        PID:2652
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 228
        6⤵
        Program crash
        
        PID:4376
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 244
        5⤵
        Program crash
        
        PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62374.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59407.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35173.exe
        6⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15646.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57527.exe
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
        8⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31330.exe
        8⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        8⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19167.exe
        8⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        8⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39115.exe
        8⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 236
        7⤵
        Program crash
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        6⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 200
        7⤵
        Program crash
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51518.exe
        6⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        6⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33482.exe
        6⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11560.exe
        6⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37801.exe
        6⤵
        
        PID:8752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
        6⤵
        
        PID:8896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
        6⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57601.exe
        5⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
        6⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55345.exe
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44427.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        7⤵
        
        PID:936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
        6⤵
        Program crash
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28890.exe
        6⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        6⤵
        
        PID:1988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 224
        6⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        5⤵
        
        PID:4940
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 244
        5⤵
        
        PID:5252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26470.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27498.exe
        5⤵
        
        PID:2864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 244
        6⤵
        Program crash
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
        5⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62040.exe
        6⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61550.exe
        6⤵
        
        PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26926.exe
        5⤵
        
        PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36893.exe
        5⤵
        
        PID:6632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 248
        5⤵
        
        PID:8028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32703.exe
      4⤵
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
        5⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        6⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2517.exe
        6⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
        6⤵
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24657.exe
        5⤵
        
        PID:4972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 244
        5⤵
        
        PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45182.exe
      4⤵
      PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13212.exe
        5⤵
        
        PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe
        5⤵
        
        PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
        5⤵
        
        PID:6272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36123.exe
      4⤵
      PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
      4⤵
      PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
      4⤵
      PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2330.exe
      4⤵
      PID:8044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
      4⤵
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10917.exe
      4⤵
      PID:9212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33315.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50253.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37519.exe
        7⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 224
        8⤵
        Program crash
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53821.exe
        7⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        7⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60032.exe
        7⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        7⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 248
        7⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
        6⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27149.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58744.exe
        7⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        7⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62454.exe
        7⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        7⤵
        
        PID:8820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53361.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19229.exe
        6⤵
        
        PID:5604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 244
        6⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29365.exe
        5⤵
        
        PID:1912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 224
        6⤵
        Program crash
        
        PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        5⤵
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26461.exe
        6⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11023.exe
        7⤵
        
        PID:6248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 228
        6⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42859.exe
        5⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55590.exe
        6⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2697.exe
        5⤵
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        5⤵
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2691.exe
        5⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56718.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2259.exe
        5⤵
        
        PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30268.exe
        5⤵
        
        PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43257.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7477.exe
        6⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1227.exe
        7⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 248
        7⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55028.exe
        6⤵
        
        PID:4080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 244
        6⤵
        Program crash
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36044.exe
        5⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        6⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        7⤵
        
        PID:9576
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 248
        6⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3620
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
        5⤵
        Program crash
        
        PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50885.exe
      4⤵
      Executes dropped EXE
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
        5⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5238.exe
        6⤵
        
        PID:7220
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 228
        6⤵
        
        PID:7640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 228
        5⤵
        Program crash
        
        PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44706.exe
      4⤵
      PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
        5⤵
        
        PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
        5⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56517.exe
        5⤵
        
        PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34111.exe
        5⤵
        
        PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
      4⤵
      PID:4964
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 248
      4⤵
      PID:5260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
        6⤵
        
        PID:2388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 216
        6⤵
        Program crash
        
        PID:1616
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 248
        5⤵
        Program crash
        
        PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37149.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 220
        5⤵
        Program crash
        
        PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55587.exe
      4⤵
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
        5⤵
        
        PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17308.exe
        5⤵
        
        PID:7440
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 224
        5⤵
        
        PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
      4⤵
      PID:4316
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 244
      4⤵
      PID:6128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43238.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48079.exe
      4⤵
      PID:596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45490.exe
        5⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        6⤵
        
        PID:7688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 216
        6⤵
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
        5⤵
        
        PID:4336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 240
        5⤵
        
        PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43881.exe
      4⤵
      PID:808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42029.exe
        5⤵
        
        PID:4000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 228
        5⤵
        
        PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4378.exe
      4⤵
      PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
      4⤵
      PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40897.exe
      4⤵
      PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51163.exe
      4⤵
      PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12712.exe
      4⤵
      PID:7908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7594.exe
      4⤵
      PID:8496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26068.exe
      4⤵
      PID:9168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
      4⤵
      PID:6520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61442.exe
      4⤵
      PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58616.exe
        5⤵
        
        PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        5⤵
        
        PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        5⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19917.exe
        5⤵
        
        PID:5356
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 248
      4⤵
      Program crash
      PID:4192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
    3⤵
    PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9882.exe
      4⤵
      PID:7448
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 216
      4⤵
      PID:8084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36833.exe
    3⤵
    PID:4280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33206.exe
    3⤵
    PID:6112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6395.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6395.exe
    3⤵
    PID:6564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12175.exe
    3⤵
    PID:6756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16632.exe
    3⤵
    PID:7876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12.exe
    3⤵
    PID:9132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2681.exe
    3⤵
    PID:8968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36611.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36611.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29171.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2432
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3052.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3052.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43974.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34021.exe
        7⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
        8⤵
        Program crash
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41633.exe
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        8⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 220
        8⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 244
        7⤵
        Program crash
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55489.exe
        6⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 244
        7⤵
        Program crash
        
        PID:3100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 240
        6⤵
        Program crash
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41212.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exe
        6⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 224
        7⤵
        Program crash
        
        PID:1356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 236
        6⤵
        Program crash
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27890.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61717.exe
        6⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17018.exe
        7⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 216
        7⤵
        
        PID:7360
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 248
        6⤵
        Program crash
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44841.exe
        5⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50915.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 216
        6⤵
        
        PID:8060
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        5⤵
        Program crash
        
        PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34118.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2806.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18256.exe
        6⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35781.exe
        7⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 228
        7⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49107.exe
        6⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
        7⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10266.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8062.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59146.exe
        6⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4007.exe
        6⤵
        
        PID:7752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 244
        6⤵
        
        PID:8392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
        5⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
        6⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27501.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
        7⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58162.exe
        7⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
        7⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37661.exe
        6⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62342.exe
        6⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
        6⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62047.exe
        6⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2632.exe
        6⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        6⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9416.exe
        6⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        5⤵
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37205.exe
        6⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2231.exe
        6⤵
        
        PID:8092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 224
        6⤵
        
        PID:9076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe
        5⤵
        
        PID:4792
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 224
        5⤵
        
        PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20220.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
        5⤵
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
        6⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33260.exe
        6⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        6⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
        6⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51486.exe
        6⤵
        
        PID:5484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 228
        5⤵
        Program crash
        
        PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
      4⤵
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
        5⤵
        
        PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
        5⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
        5⤵
        
        PID:7208
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 228
        5⤵
        
        PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48597.exe
      4⤵
      PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29061.exe
      4⤵
      PID:6572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41046.exe
      4⤵
      PID:6476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30548.exe
      4⤵
      PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
      4⤵
      PID:8308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1016
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 240
      4⤵
      Program crash
      PID:2292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48079.exe
      4⤵
      PID:2612
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
      4⤵
      Program crash
      PID:1588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42522.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42522.exe
    3⤵
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
        5⤵
        
        PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41319.exe
        5⤵
        
        PID:8120
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 224
        5⤵
        
        PID:8404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15975.exe
      4⤵
      PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56608.exe
      4⤵
      PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34957.exe
      4⤵
      PID:6976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
      4⤵
      PID:7612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27925.exe
      4⤵
      PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
      4⤵
      PID:8608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
      4⤵
      PID:5360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19505.exe
    3⤵
    PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
      4⤵
      PID:7304
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 224
      4⤵
      PID:9060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11618.exe
    3⤵
    PID:4876
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 248
    3⤵
    PID:2980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64950.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64950.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27524.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 220
        8⤵
        Program crash
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33849.exe
        7⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29281.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
        8⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55204.exe
        8⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 244
        7⤵
        Program crash
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7466.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe
        7⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 224
        8⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15783.exe
        7⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 224
        7⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38841.exe
        6⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5814.exe
        7⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 228
        7⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44258.exe
        6⤵
        
        PID:4980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 244
        6⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65416.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50165.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 224
        7⤵
        Program crash
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57996.exe
        6⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4013.exe
        7⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        7⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
        7⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52062.exe
        7⤵
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51397.exe
        6⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2670.exe
        6⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28530.exe
        6⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45511.exe
        6⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19697.exe
        6⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        6⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49965.exe
        6⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44035.exe
        5⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        6⤵
        
        PID:3664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 224
        7⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-153.exe
        6⤵
        
        PID:4896
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 224
        6⤵
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39719.exe
        5⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1567.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
        6⤵
        
        PID:9092
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 244
        5⤵
        Program crash
        
        PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58130.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12453.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 244
        6⤵
        Program crash
        
        PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63927.exe
        5⤵
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
        6⤵
        
        PID:3804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 228
        6⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6220.exe
        5⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45118.exe
        6⤵
        
        PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe
        5⤵
        
        PID:5108
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 244
        5⤵
        
        PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37844.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16533.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
        6⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 244
        7⤵
        Program crash
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21587.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5497.exe
        6⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49562.exe
        6⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
        6⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61184.exe
        6⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29125.exe
        6⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
        6⤵
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1256.exe
        6⤵
        
        PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11540.exe
        5⤵
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30934.exe
        6⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37235.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8800
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 248
        6⤵
        Program crash
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5644.exe
        5⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61407.exe
        6⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
        5⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        5⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe
        5⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21072.exe
        5⤵
        
        PID:7740
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
        5⤵
        
        PID:8452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9552.exe
      4⤵
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19918.exe
        6⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
        6⤵
        
        PID:8584
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 228
        5⤵
        Program crash
        
        PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26030.exe
      4⤵
      PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1756.exe
        5⤵
        
        PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-332.exe
        5⤵
        
        PID:8372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-928.exe
        5⤵
        
        PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18790.exe
      4⤵
      PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15893.exe
      4⤵
      PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63667.exe
      4⤵
      PID:7976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
      4⤵
      PID:7364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
      4⤵
      PID:8980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57311.exe
      4⤵
      PID:8556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14819.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9132.exe
        6⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
        7⤵
        Program crash
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42209.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37174.exe
        7⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 228
        7⤵
        
        PID:8464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 244
        6⤵
        Program crash
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30299.exe
        5⤵
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        6⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        7⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51882.exe
        7⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        7⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58393.exe
        7⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
        7⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        7⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39625.exe
        6⤵
        
        PID:3596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 244
        6⤵
        
        PID:5584
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
        5⤵
        Program crash
        
        PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
        5⤵
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        6⤵
        
        PID:3344
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 228
        6⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        5⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
        6⤵
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
        6⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29091.exe
        6⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57386.exe
        6⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44461.exe
        6⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50425.exe
        6⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11782.exe
        6⤵
        
        PID:8448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 244
        5⤵
        Program crash
        
        PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1461.exe
      4⤵
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20924.exe
        5⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        6⤵
        
        PID:8344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 228
        5⤵
        
        PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12853.exe
      4⤵
      PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe
        5⤵
        
        PID:8724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29728.exe
      4⤵
      PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1725.exe
      4⤵
      PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3465.exe
      4⤵
      PID:7988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
      4⤵
      PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
      4⤵
      PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9974.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45126.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52501.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
        6⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43697.exe
        6⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
        6⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12182.exe
        6⤵
        
        PID:7900
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 248
        6⤵
        
        PID:8436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 248
        5⤵
        Program crash
        
        PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
      4⤵
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3435.exe
        5⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
        6⤵
        
        PID:8340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62068.exe
        5⤵
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
        5⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2274.exe
        5⤵
        
        PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20542.exe
        5⤵
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12059.exe
        5⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe
        5⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exe
        5⤵
        
        PID:6516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54482.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45585.exe
        5⤵
        
        PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
      4⤵
      PID:5100
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 244
      4⤵
      PID:5696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43709.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35173.exe
      4⤵
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38479.exe
        5⤵
        
        PID:1000
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 240
        6⤵
        Program crash
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27072.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13364.exe
        5⤵
        
        PID:5564
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 228
        5⤵
        
        PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
      4⤵
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19495.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        5⤵
        
        PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52818.exe
        5⤵
        
        PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19695.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58802.exe
        5⤵
        
        PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        5⤵
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20145.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9480
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
      4⤵
      Program crash
      PID:3512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
    3⤵
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe
      4⤵
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
        5⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35294.exe
        6⤵
        
        PID:3736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 228
        6⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30168.exe
        5⤵
        
        PID:4464
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 244
        5⤵
        
        PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
      4⤵
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64235.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe
      4⤵
      PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25774.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53230.exe
      4⤵
      PID:6440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
      4⤵
      PID:8004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51112.exe
      4⤵
      PID:7680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57988.exe
      4⤵
      PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
      4⤵
      PID:4164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
    3⤵
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31156.exe
      4⤵
      PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63530.exe
      4⤵
      PID:7504
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
      4⤵
      PID:8000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58364.exe
    3⤵
    PID:4324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38541.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38541.exe
    3⤵
    PID:6088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2195.exe
    3⤵
    PID:6548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39911.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
    3⤵
    PID:7864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50149.exe
    3⤵
    PID:9124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43282.exe
    3⤵
    PID:8276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2532
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 320
        5⤵
        Program crash
        
        PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18436.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        5⤵
        
        PID:3032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 220
        6⤵
        Program crash
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58790.exe
        5⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62668.exe
        6⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43904.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
        5⤵
        
        PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
      4⤵
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        5⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64225.exe
        6⤵
        
        PID:3440
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 248
        5⤵
        
        PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
      4⤵
      PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45502.exe
        5⤵
        
        PID:5980
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 244
      4⤵
      Program crash
      PID:4472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-761.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1728
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 224
      4⤵
      Program crash
      PID:2088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
    3⤵
    PID:2820
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 224
      4⤵
      Program crash
      PID:2844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56584.exe
    3⤵
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56211.exe
      4⤵
      PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
        5⤵
        
        PID:7196
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        5⤵
        
        PID:9196
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 228
      4⤵
      Program crash
      PID:4916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31053.exe
    3⤵
    PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53970.exe
      4⤵
      PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11837.exe
      4⤵
      PID:8804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54094.exe
      4⤵
      PID:6000
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 248
    3⤵
    - Program crash
    PID:4884
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25946.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25946.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4591.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:556
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 244
        5⤵
        Program crash
        
        PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
      4⤵
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9356.exe
        5⤵
        
        PID:3080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 228
        5⤵
        
        PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28306.exe
      4⤵
      PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44882.exe
        5⤵
        
        PID:9432
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
      4⤵
      Program crash
      PID:3156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8219.exe
      4⤵
      PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
        5⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
        5⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64847.exe
        5⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27833.exe
        5⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exe
        5⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13881.exe
        5⤵
        
        PID:8924
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 236
      4⤵
      Program crash
      PID:3592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50714.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50714.exe
    3⤵
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16496.exe
      4⤵
      PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31043.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37260.exe
      4⤵
      PID:8412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52404.exe
      4⤵
      PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
      4⤵
      PID:8356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57262.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
    3⤵
    PID:6040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
    3⤵
    PID:6624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
    3⤵
    PID:6480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63704.exe
    3⤵
    PID:7748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26348.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8281.exe
    3⤵
    PID:8240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19335.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41390.exe
      4⤵
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
        5⤵
        
        PID:3928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 228
        5⤵
        
        PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58811.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64036.exe
        5⤵
        
        PID:9740
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 244
      4⤵
      Program crash
      PID:4500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
    3⤵
    PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
      4⤵
      PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
      4⤵
      PID:6156
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 188
        5⤵
        
        PID:6912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58683.exe
      4⤵
      PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63246.exe
      4⤵
      PID:6672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39251.exe
      4⤵
      PID:8736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
      4⤵
      PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
      4⤵
      PID:9512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28306.exe
    3⤵
    PID:3612
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
    3⤵
    - Program crash
    PID:3652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17950.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17950.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42428.exe
    3⤵
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
      4⤵
      PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22554.exe
      4⤵
      PID:7124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13830.exe
      4⤵
      PID:7200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
      4⤵
      PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
      4⤵
      PID:292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3080.exe
      4⤵
      PID:9464
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 248
    3⤵
    - Program crash
    PID:4208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37385.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37385.exe
  2⤵
  PID:3036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43390.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43390.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29041.exe
    3⤵
    PID:7568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
    3⤵
    PID:8596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
    3⤵
    PID:8520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31498.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31498.exe
  2⤵
  PID:4308
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
  2⤵
  PID:6104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
  2⤵
  PID:6580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59512.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59512.exe
  2⤵
  PID:6692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32033.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32033.exe
  2⤵
  PID:7904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
  2⤵
  PID:9156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61217.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61217.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:8952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe

Filesize
468KB

MD5
f72f2daf98a3462275d58ab841800e3b

SHA1
b728c15cf642b54ca85a20aa9c641fff5ab2243f

SHA256
6ce0120a610dba33947f0110ef7c6bed0284ab969eb626f514e286b098e7583a

SHA512
02c9cd9b6e5629e7a5b674b21ef86b3f62025e950d6876fe632b4b34c7fc0657b19bebccf5e8987d2e0f55450e89ab0ea048dbbf4ae9ded53f0bb5c42c7f446b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe

Filesize
468KB

MD5
aba045cab262abce53cb584f2304d19f

SHA1
4f1cceb0b234a43344797720342d0b2631b98f4e

SHA256
86916c70fc64bc6d04d55044e7f89fe76d4c4813661a4a7ac001c222898dbec8

SHA512
81c7de2b0c486e2d7753c27057ebdeb19c5c19d8ea3bb02b9cffc17594ebe1db4c7a6da409cdcc2bfdd0f1d896515a3e8a8462556ecaa374975820c535e6d957

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe

Filesize
468KB

MD5
248dd028d4ad8036cc80b2d67036ea19

SHA1
a17269db6bf0d6e38fc0e153c85409d5c7e3a939

SHA256
78c91dd2b548838ee4f2163245f6e4f975a371a4fbb74ee9f2f6682308ef994f

SHA512
767137de52acf36750115052c02d8c5be86d775d37aa287967f4cf6521065f46679da91964b30d0a538de5cdf6ad01e69a0d1cd257bd5b2bc6ca4690e639695b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe

Filesize
468KB

MD5
1a7850ccefbad02f44d02980492d8cc2

SHA1
4b01fcc5b8cb99842ecf7e5b7555390d9a744af7

SHA256
f97191cfcd547c9d0b59028a04acfad60ea815ad40be7da99d4357bc7d639e88

SHA512
e29c0477db1793f7c9b5e4199d55e846543cad1e0e8d39675ded3e02a04b65640af94b25655750881cb25777a42a607f510d744fe6305a5d05e683d347493c5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14819.exe

Filesize
468KB

MD5
af9a3a64c264d459631c888600134e46

SHA1
c2d8e3241194c6d2f291a98982e6266cb471812c

SHA256
682b0f67072367f2fa59881024909c0ef27c76a320f00f3351549aebb6f7dbe4

SHA512
4f6e223b125503a59c7e7b3e495a3209cd7391e00cdc6beb39223c7fba8fc71533aabcfbc062a80b0c23701e2d0bad9c147403cf9e1d7aebd433355283386162

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe

Filesize
468KB

MD5
2c9fb81224993167152e936d92f3a9fc

SHA1
ad398c033993a41231d305d7e06ff52235d6bda0

SHA256
e1bdda5a11e9b50e7070d6b3f08e98b671650ac02bd034c5d994508a163cd65d

SHA512
852bf159bbe247ad1377ce3e5e35d6265265d926f1ca0c48d94eba4398a5fe4d1eb59572dc7901fca88dd810b8cc7be03176a35189e829da2856d738806f2542

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29171.exe

Filesize
468KB

MD5
0cb81151b1e890ab7239ab034c3477d7

SHA1
d1e36b7c45a132adbec2dba62d52fce6941c1f37

SHA256
0e6f7c00996798e9ebafd21036604a090e91512d80ac95e7487e4b77b2869de0

SHA512
285ca6b148c9191d2af66bf292c95519b6f3a093df54fd5b7aee00afeaab13a253d815f33b4f7aef194d588394e0abb1a9c47c9052fb2210f17aed0fce9730dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3052.exe

Filesize
468KB

MD5
a3e4d4e646427234531f275b67e297e2

SHA1
8568d3a62c4e5c7e39dcded6ab84965dbfe5c55c

SHA256
01ea43c5072c3e2e0738883ee52fb7de63fe670e90ef586fe41afd55a5dd03f8

SHA512
cab11dccc726fb5fa8f3cc148ab55dc6331959c857b6e5d1545527bafc9e339fd7b6c23e41ffad4e7e37eaf8fa8999d5bf03295cd0865f6410663ea6721e632d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33315.exe

Filesize
468KB

MD5
8b44ad23bc8d2700c88e3aa808d31b2d

SHA1
9cb7e572ff59d5b53b72cd6a6a439d49b035706c

SHA256
8b2aae914667dbba7ae0779de0e0fdf973b7ed622a3c651569ba135b34641cfe

SHA512
8e20bcf059ac17e8d55a2c9ef92a01b937491594a30ab1d2424a0d40a5e1603f0ef2acb58fa06085be029961ac8c72e37515ae0586a18a5e6b8d4124c619f7cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41634.exe

Filesize
468KB

MD5
cd54ad8af3287b47d719304224fdf852

SHA1
b6a9fa96a4dc14fdf3589131f2d01ca349352343

SHA256
810a7844fd4358db52d409ddc14dbbd5aa9189cfc66bc11e6fd9165806de368a

SHA512
659c5709ab2b63433eafdf7f94057151f0b0b11225fd6c06909b63841cdef7badab8d4a7c0e0be50787176ed199b40544e6f7e0a6e424c6251d0acf694b2d4a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe

Filesize
468KB

MD5
843c2cab0e168898489257357cf356c1

SHA1
375a248c8973ebe2bfbb0090a58edf119a665541

SHA256
37be57e713f7dd40c74d9bb966dfc669ebed588dfc9a38238b1d9f5b60d251ca

SHA512
833732c0ca635a2c53e896d8ec3090455728ce4300d407414d6572fee4d4d4804496af2d20637e4718ba07f53a0d7a38dfa8f56d36d600fa3bd1551d2036d484

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58802.exe

Filesize
468KB

MD5
eec9534a6c3de02d83ed5477036c86db

SHA1
ca23717cef13c2f0c15c1e8c79e4de073c22d65e

SHA256
025983c30cca35a327fca26bb4a5122ed4d27f706c1a9cf115e25fe614d7dd67

SHA512
8fa8cd845a336da3be4d784ab050d0257df99073ab2759576bb8ae1691fa35f4aaac3b698d63610ffd37c682f846f3190c6abade25adbee5921d38b0911cb7b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61550.exe

Filesize
468KB

MD5
810c76c616d4cf24107f53f1b0d08824

SHA1
b163b92b9f3a332441db988efc807befe1bc1770

SHA256
dad14d7f354ab70f2cef0687af20bf7e0bd99cd51afbda7613a5f5aa75e3bab0

SHA512
015aacbaa7cc330d8229b13a3a8e3f7f9b801c5e7e46cc8a4a43a66ed3222560b4cd371c9b87e1a4a241b787ec21e1a12d87749c80a37126dc001bd57bc93d2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64645.exe

Filesize
468KB

MD5
d508bfb97bec69d37a868c4124c5467d

SHA1
bd9f13ce0f31cae0d19e4677187b480ff0b97b3c

SHA256
c83a1e42c22d5234edd2498897a6269e838d992aa5d46dfc744586ab6f1bd989

SHA512
57b21ea1a28cb7ab962b5fccbf02a173491af539520307353f6fab60c9be0b9d6d9393061d5d2daf10a077560d9d5c052bd27ae3965176b06822574dde7a7e84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64950.exe

Filesize
468KB

MD5
b551767a98638253823703d1e83c14b2

SHA1
f926b71e11ea0b2a26b8d20b6675fa852f40eb48

SHA256
ec544fed1a9af9831d5b86ffa6680a87f9aacb262450de44b73bb2ecabf05013

SHA512
901e73cf3f70d9b17c6076140aebacb8ad009725f67c9162f8e378717e957746c91c55f8e7b45d61a323b95937a72e1701cbb87083721e4488eb722d9cdb15b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exe

Filesize
468KB

MD5
2e2dd3ff146add8915f6c3d082f9d06a

SHA1
bd75c54031161ce82c42642d777d3a1d6dd351c4

SHA256
e08c817f4ea3e41f9baedd066b06a4fcea52b0210bc2f81ccef98db937be8ead

SHA512
39d0d873ec561c811b897d043012a48ef2bae5c193068a626190d5219974e6f392b1961d908e1f11f9d239d1cd01dcabb4564ce10b762ea96da5050432db9a8d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12133.exe

Filesize
468KB

MD5
50e84e3bcb04c9c531748c5ceb3bb300

SHA1
713b7858cdfdc2c7f93475e14e6555e5acce51e9

SHA256
0943772e6b20b476f95897b100cbe13173a8eb536c26b3b8183aeb2481e25df1

SHA512
8e50d16defe1e70e766776fc20b9f603868df42dcaab596f87597762e3bfc2e771f52861392cc6cf43b1307b83d0f958b9d7a68d667c1b5ff9c3d0f8191ebf80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe

Filesize
468KB

MD5
fa11d67f84053efc558aa4a3cdba63b4

SHA1
e33d8c98e36edfa2b9c11e70972ee9dd4cb99687

SHA256
74abc3727555118f413a5b5cdcc013138494ca46b33c9a097ae2b569baa9a503

SHA512
c03639e97153b1d02a7e2a963861dfe1460d2ba70f6603a0be1c70685ce9d5233fcf1750e91c00c8d2ad635d4b6bccfda1e63e392aa078d433f31ad49738282e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe

Filesize
468KB

MD5
15d9fef8504d6b91389aedada2082b08

SHA1
54f06560dc34a332f529f8626a02c908876b4056

SHA256
53821ef2af99ef7515daf4b733f1c03015fc9050e7eefb3b6c68b48d918a2691

SHA512
c644362e8e838fba5c4c42cddd5d9ea30ba3b1fac1ce56a21dfa5046979c0bb66a71abceda400e5f8f47b8422a1a1c272e97e2f3fcf910001fc98662b5ccf8cd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe

Filesize
468KB

MD5
60bb22dc64e8eca1b18fb85dd0f8f108

SHA1
bb4dc465a41492b95d5b8563bca4c687f5305ff9

SHA256
a86f7c3040b352768bc652cba2800d83fc7690c8248f16d10fb092c69c8755ad

SHA512
abdc4ed88784b907fc3876823196ffb3d3570956c7f6fc57d12a766ab2067745de29999518d69e99cc8c604b0ad5bb223a20499c09d8ffe951f6b9b38422ea56

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36611.exe

Filesize
468KB

MD5
9c42551a07b059c26b58db941ac4569b

SHA1
2f0a9e86d00751e9ff223c62a3231aaa9eab343b

SHA256
19a76b90f65467b86cf1deccf74ff8ed69492b51bef7044f6d67f4066a3431c4

SHA512
357e31407316db783059dce9a3fac0b4b8ea31f852dc74a2afdb5b6bf26a61b018adf65443c887991389b778855b3187c97a974940dcd60a6a8ba4bf848996d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50338.exe

Filesize
468KB

MD5
1ba7bbdfea2ab46d99f88da548915dde

SHA1
6d0ae89253fcb8272e5fe81d7f0c775e4ba8f94d

SHA256
af7cc6ae54bdd38fa826d7fd13f2dd05887aa7569bb8b6e135b3ce7f59da1498

SHA512
e4f91f2f56ba4689c099ee6ea1f3a9a82d5485f89e50260f1ecc8beb87900284bb0be794ddc54a291d65931117b05dd16167e10daed66dd0de4fef9ad0af1878

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe

Filesize
468KB

MD5
c91b37c8f11e62c4671fd5903f392370

SHA1
d0d896ae1c0a87a3f5455f8bba80228d17a557d4

SHA256
9f061deee75bb058899b46b353a46cf1076a72b8db4cc4bf468dfd597bbfaa56

SHA512
f25990e21e08b8961de2c23cc077e5a7301f7bcd968a5c3104d690e248aed754e5b2d6344745d0a095f64494e9358ac3051b288348be572878b6f2b831f8b1d7

Download Submit