29c2ce9dbfc13b07fcd4dd0406a4dbdd7d2226f32a5c9923f4bdf45329482340

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 10:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29c2ce9dbfc13b07fcd4dd0406a4dbdd7d2226f32a5c9923f4bdf45329482340.exe
Size

192KB
MD5

4f281262b2ec346e85854161d61428a3
SHA1

f32a97a742ae23cba752e88f2859a0df75bafb7b
SHA256

29c2ce9dbfc13b07fcd4dd0406a4dbdd7d2226f32a5c9923f4bdf45329482340
SHA512

963d9f0a132e063ba6b49536b2c854ea4984c467f40da4fe8512f728ce0433412c2e6af670f06a32ee34ced6aebee73ffa5fa69a4d4bc59e48ba2a92c7943783
SSDEEP

3072:BLPkoAhLi7AUkjT0hdLH288K6SXVrxvrD2hFx7qx1v2lVvMfb:BLsoxkjjudr288yX882lVvMj

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2668	Unicorn-35753.exe
2488	Unicorn-6816.exe
2916	Unicorn-26682.exe
2968	Unicorn-22728.exe
2744	Unicorn-60231.exe
2784	Unicorn-14559.exe
3048	Unicorn-1404.exe
3044	Unicorn-42991.exe
1152	Unicorn-62857.exe
1284	Unicorn-6043.exe
1420	Unicorn-8669.exe
2780	Unicorn-46173.exe
2496	Unicorn-25006.exe
1816	Unicorn-1056.exe
1708	Unicorn-20922.exe
1192	Unicorn-50299.exe
2820	Unicorn-46215.exe
2012	Unicorn-46770.exe
920	Unicorn-5182.exe
976	Unicorn-31310.exe
700	Unicorn-51176.exe
3032	Unicorn-29687.exe
2152	Unicorn-9821.exe
3004	Unicorn-50465.exe
1584	Unicorn-26515.exe
2368	Unicorn-22431.exe
2428	Unicorn-5348.exe
2492	Unicorn-42297.exe
852	Unicorn-17601.exe
2976	Unicorn-59188.exe
2608	Unicorn-22239.exe
1276	Unicorn-42105.exe
2864	Unicorn-5156.exe
2612	Unicorn-42659.exe
2584	Unicorn-1072.exe
1032	Unicorn-25022.exe
1428	Unicorn-13324.exe
1360	Unicorn-53610.exe
3056	Unicorn-4409.exe
2644	Unicorn-4409.exe
1496	Unicorn-45997.exe
2796	Unicorn-24830.exe
2936	Unicorn-17216.exe
2212	Unicorn-61586.exe
1084	Unicorn-33552.exe
2680	Unicorn-4217.exe
1144	Unicorn-45805.exe
892	Unicorn-133.exe
2876	Unicorn-4772.exe
2968	Unicorn-24638.exe
2128	Unicorn-688.exe
2208	Unicorn-61067.exe
3048	Unicorn-37117.exe
2664	Unicorn-24119.exe
2184	Unicorn-15951.exe
1712	Unicorn-24673.exe
2592	Unicorn-48623.exe
2932	Unicorn-45094.exe
2636	Unicorn-44347.exe
2596	Unicorn-57154.exe
2400	Unicorn-54928.exe
1956	Unicorn-38954.exe
2556	Unicorn-9619.exe
1696	Unicorn-47123.exe

Loads dropped DLL 64 IoCs

pid	Process
2060	29c2ce9dbfc13b07fcd4dd0406a4dbdd7d2226f32a5c9923f4bdf45329482340.exe
2060	29c2ce9dbfc13b07fcd4dd0406a4dbdd7d2226f32a5c9923f4bdf45329482340.exe
2060	29c2ce9dbfc13b07fcd4dd0406a4dbdd7d2226f32a5c9923f4bdf45329482340.exe
2668	Unicorn-35753.exe
2668	Unicorn-35753.exe
2060	29c2ce9dbfc13b07fcd4dd0406a4dbdd7d2226f32a5c9923f4bdf45329482340.exe
2488	Unicorn-6816.exe
2488	Unicorn-6816.exe
2668	Unicorn-35753.exe
2668	Unicorn-35753.exe
2916	Unicorn-26682.exe
2916	Unicorn-26682.exe
2916	Unicorn-26682.exe
2784	Unicorn-14559.exe
2784	Unicorn-14559.exe
2916	Unicorn-26682.exe
2488	Unicorn-6816.exe
2488	Unicorn-6816.exe
2968	Unicorn-22728.exe
2968	Unicorn-22728.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
3048	Unicorn-1404.exe
3048	Unicorn-1404.exe
2784	Unicorn-14559.exe
2784	Unicorn-14559.exe
1152	Unicorn-62857.exe
2968	Unicorn-22728.exe
3044	Unicorn-42991.exe
1152	Unicorn-62857.exe
3044	Unicorn-42991.exe
2968	Unicorn-22728.exe
916	WerFault.exe
916	WerFault.exe
916	WerFault.exe
916	WerFault.exe
916	WerFault.exe
916	WerFault.exe
916	WerFault.exe
2780	Unicorn-46173.exe
2780	Unicorn-46173.exe
1420	Unicorn-8669.exe
1420	Unicorn-8669.exe
3048	Unicorn-1404.exe
3048	Unicorn-1404.exe
2496	Unicorn-25006.exe
2496	Unicorn-25006.exe
1152	Unicorn-62857.exe
1152	Unicorn-62857.exe
1816	Unicorn-1056.exe
1816	Unicorn-1056.exe
3044	Unicorn-42991.exe
1708	Unicorn-20922.exe
3044	Unicorn-42991.exe
1708	Unicorn-20922.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2204	2744	WerFault.exe	35
916	1284	WerFault.exe	40
2456	976	WerFault.exe	52
2944	2428	WerFault.exe	61
1332	2608	WerFault.exe	64
2908	2612	WerFault.exe	67
1680	2212	WerFault.exe	78
1384	1084	WerFault.exe	79
2776	892	WerFault.exe	82
2984	1276	WerFault.exe	66
2456	1848	WerFault.exe	112
1588	2208	WerFault.exe	89
1652	2848	WerFault.exe	120
2992	2184	WerFault.exe	92
560	1696	WerFault.exe	101
1272	1092	WerFault.exe	138
2712	1680	WerFault.exe	146
2604	1672	WerFault.exe	114
1644	1808	WerFault.exe	172
1524	800	WerFault.exe	130
1988	1992	WerFault.exe	181
2528	2748	WerFault.exe	176
2844	1120	WerFault.exe	182
2240	2672	WerFault.exe	195
1728	1284	WerFault.exe	145
2840	1756	WerFault.exe	197
3604	2652	WerFault.exe	206
3696	2788	WerFault.exe	214
3844	1916	WerFault.exe	155
3968	2328	WerFault.exe	149
3400	568	WerFault.exe	248
3908	2152	WerFault.exe	203
3524	3812	WerFault.exe	291
3948	3956	WerFault.exe	296
544	1144	WerFault.exe	268
2560	3732	WerFault.exe	289
2556	3920	WerFault.exe	295
872	3912	WerFault.exe	321
1480	3616	WerFault.exe	332
3500	1536	WerFault.exe	350
2768	2228	WerFault.exe	366
1268	1676	WerFault.exe	381
4076	3332	WerFault.exe	399
2452	3472	WerFault.exe	347
2880	3532	WerFault.exe	401
3508	2816	WerFault.exe	412
3468	3636	WerFault.exe	425
2632	2812	WerFault.exe	429
3244	2488	WerFault.exe	437
3296	3212	WerFault.exe	443
2756	3588	WerFault.exe	469
3048	3276	WerFault.exe	525
3892	764	WerFault.exe	422
1224	484	WerFault.exe	450
3452	3368	WerFault.exe	465
4776	1148	WerFault.exe	488
5080	1420	WerFault.exe	512
5072	3192	WerFault.exe	477
4356	1304	WerFault.exe	486
3476	2548	WerFault.exe	507
4732	3088	WerFault.exe	518
5028	640	WerFault.exe	546
2588	3460	WerFault.exe	539
3980	3504	WerFault.exe	555

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23401.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31652.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60536.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2060	29c2ce9dbfc13b07fcd4dd0406a4dbdd7d2226f32a5c9923f4bdf45329482340.exe
2668	Unicorn-35753.exe
2488	Unicorn-6816.exe
2916	Unicorn-26682.exe
2968	Unicorn-22728.exe
2784	Unicorn-14559.exe
2744	Unicorn-60231.exe
3048	Unicorn-1404.exe
1152	Unicorn-62857.exe
3044	Unicorn-42991.exe
1284	Unicorn-6043.exe
1420	Unicorn-8669.exe
2780	Unicorn-46173.exe
2496	Unicorn-25006.exe
1816	Unicorn-1056.exe
1708	Unicorn-20922.exe
1192	Unicorn-50299.exe
2820	Unicorn-46215.exe
2012	Unicorn-46770.exe
920	Unicorn-5182.exe
976	Unicorn-31310.exe
700	Unicorn-51176.exe
3032	Unicorn-29687.exe
2152	Unicorn-9821.exe
3004	Unicorn-50465.exe
1584	Unicorn-26515.exe
2368	Unicorn-22431.exe
2428	Unicorn-5348.exe
2492	Unicorn-42297.exe
2976	Unicorn-59188.exe
852	Unicorn-17601.exe
2864	Unicorn-5156.exe
1276	Unicorn-42105.exe
2612	Unicorn-42659.exe
2608	Unicorn-22239.exe
2584	Unicorn-1072.exe
1032	Unicorn-25022.exe
1428	Unicorn-13324.exe
1360	Unicorn-53610.exe
3056	Unicorn-4409.exe
2644	Unicorn-4409.exe
1496	Unicorn-45997.exe
2796	Unicorn-24830.exe
2936	Unicorn-17216.exe
1084	Unicorn-33552.exe
2212	Unicorn-61586.exe
2680	Unicorn-4217.exe
1144	Unicorn-45805.exe
892	Unicorn-133.exe
2968	Unicorn-24638.exe
2876	Unicorn-4772.exe
2128	Unicorn-688.exe
2208	Unicorn-61067.exe
3048	Unicorn-37117.exe
2664	Unicorn-24119.exe
1712	Unicorn-24673.exe
2184	Unicorn-15951.exe
2592	Unicorn-48623.exe
2932	Unicorn-45094.exe
2636	Unicorn-44347.exe
2596	Unicorn-57154.exe
2400	Unicorn-54928.exe
1956	Unicorn-38954.exe
2556	Unicorn-9619.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2668	2060	29c2ce9dbfc13b07fcd4dd0406a4dbdd7d2226f32a5c9923f4bdf45329482340.exe	30
PID 2060 wrote to memory of 2668	2060	29c2ce9dbfc13b07fcd4dd0406a4dbdd7d2226f32a5c9923f4bdf45329482340.exe	30
PID 2060 wrote to memory of 2668	2060	29c2ce9dbfc13b07fcd4dd0406a4dbdd7d2226f32a5c9923f4bdf45329482340.exe	30
PID 2060 wrote to memory of 2668	2060	29c2ce9dbfc13b07fcd4dd0406a4dbdd7d2226f32a5c9923f4bdf45329482340.exe	30
PID 2668 wrote to memory of 2916	2668	Unicorn-35753.exe	32
PID 2668 wrote to memory of 2916	2668	Unicorn-35753.exe	32
PID 2668 wrote to memory of 2916	2668	Unicorn-35753.exe	32
PID 2668 wrote to memory of 2916	2668	Unicorn-35753.exe	32
PID 2060 wrote to memory of 2488	2060	29c2ce9dbfc13b07fcd4dd0406a4dbdd7d2226f32a5c9923f4bdf45329482340.exe	31
PID 2060 wrote to memory of 2488	2060	29c2ce9dbfc13b07fcd4dd0406a4dbdd7d2226f32a5c9923f4bdf45329482340.exe	31
PID 2060 wrote to memory of 2488	2060	29c2ce9dbfc13b07fcd4dd0406a4dbdd7d2226f32a5c9923f4bdf45329482340.exe	31
PID 2060 wrote to memory of 2488	2060	29c2ce9dbfc13b07fcd4dd0406a4dbdd7d2226f32a5c9923f4bdf45329482340.exe	31
PID 2488 wrote to memory of 2968	2488	Unicorn-6816.exe	34
PID 2488 wrote to memory of 2968	2488	Unicorn-6816.exe	34
PID 2488 wrote to memory of 2968	2488	Unicorn-6816.exe	34
PID 2488 wrote to memory of 2968	2488	Unicorn-6816.exe	34
PID 2668 wrote to memory of 2744	2668	Unicorn-35753.exe	35
PID 2668 wrote to memory of 2744	2668	Unicorn-35753.exe	35
PID 2668 wrote to memory of 2744	2668	Unicorn-35753.exe	35
PID 2668 wrote to memory of 2744	2668	Unicorn-35753.exe	35
PID 2916 wrote to memory of 2784	2916	Unicorn-26682.exe	36
PID 2916 wrote to memory of 2784	2916	Unicorn-26682.exe	36
PID 2916 wrote to memory of 2784	2916	Unicorn-26682.exe	36
PID 2916 wrote to memory of 2784	2916	Unicorn-26682.exe	36
PID 2784 wrote to memory of 3048	2784	Unicorn-14559.exe	39
PID 2784 wrote to memory of 3048	2784	Unicorn-14559.exe	39
PID 2784 wrote to memory of 3048	2784	Unicorn-14559.exe	39
PID 2784 wrote to memory of 3048	2784	Unicorn-14559.exe	39
PID 2916 wrote to memory of 3044	2916	Unicorn-26682.exe	37
PID 2916 wrote to memory of 3044	2916	Unicorn-26682.exe	37
PID 2916 wrote to memory of 3044	2916	Unicorn-26682.exe	37
PID 2916 wrote to memory of 3044	2916	Unicorn-26682.exe	37
PID 2744 wrote to memory of 2204	2744	Unicorn-60231.exe	38
PID 2744 wrote to memory of 2204	2744	Unicorn-60231.exe	38
PID 2744 wrote to memory of 2204	2744	Unicorn-60231.exe	38
PID 2744 wrote to memory of 2204	2744	Unicorn-60231.exe	38
PID 2488 wrote to memory of 1284	2488	Unicorn-6816.exe	40
PID 2488 wrote to memory of 1284	2488	Unicorn-6816.exe	40
PID 2488 wrote to memory of 1284	2488	Unicorn-6816.exe	40
PID 2488 wrote to memory of 1284	2488	Unicorn-6816.exe	40
PID 2968 wrote to memory of 1152	2968	Unicorn-22728.exe	41
PID 2968 wrote to memory of 1152	2968	Unicorn-22728.exe	41
PID 2968 wrote to memory of 1152	2968	Unicorn-22728.exe	41
PID 2968 wrote to memory of 1152	2968	Unicorn-22728.exe	41
PID 3048 wrote to memory of 1420	3048	Unicorn-1404.exe	42
PID 3048 wrote to memory of 1420	3048	Unicorn-1404.exe	42
PID 3048 wrote to memory of 1420	3048	Unicorn-1404.exe	42
PID 3048 wrote to memory of 1420	3048	Unicorn-1404.exe	42
PID 2784 wrote to memory of 2780	2784	Unicorn-14559.exe	43
PID 2784 wrote to memory of 2780	2784	Unicorn-14559.exe	43
PID 2784 wrote to memory of 2780	2784	Unicorn-14559.exe	43
PID 2784 wrote to memory of 2780	2784	Unicorn-14559.exe	43
PID 1284 wrote to memory of 916	1284	Unicorn-6043.exe	44
PID 1284 wrote to memory of 916	1284	Unicorn-6043.exe	44
PID 1284 wrote to memory of 916	1284	Unicorn-6043.exe	44
PID 1284 wrote to memory of 916	1284	Unicorn-6043.exe	44
PID 1152 wrote to memory of 2496	1152	Unicorn-62857.exe	45
PID 1152 wrote to memory of 2496	1152	Unicorn-62857.exe	45
PID 1152 wrote to memory of 2496	1152	Unicorn-62857.exe	45
PID 1152 wrote to memory of 2496	1152	Unicorn-62857.exe	45
PID 3044 wrote to memory of 1708	3044	Unicorn-42991.exe	47
PID 3044 wrote to memory of 1708	3044	Unicorn-42991.exe	47
PID 3044 wrote to memory of 1708	3044	Unicorn-42991.exe	47
PID 3044 wrote to memory of 1708	3044	Unicorn-42991.exe	47

C:\Users\Admin\AppData\Local\Temp\29c2ce9dbfc13b07fcd4dd0406a4dbdd7d2226f32a5c9923f4bdf45329482340.exe
"C:\Users\Admin\AppData\Local\Temp\29c2ce9dbfc13b07fcd4dd0406a4dbdd7d2226f32a5c9923f4bdf45329482340.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14559.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1404.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20393.exe
        11⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
        12⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63667.exe
        13⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54425.exe
        14⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
        15⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20552.exe
        16⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
        18⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        19⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
        20⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 220
        21⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
        20⤵
        
        PID:844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        19⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
        18⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 216
        17⤵
        Program crash
        
        PID:3892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
        16⤵
        Program crash
        
        PID:2452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
        15⤵
        Program crash
        
        PID:2556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
        14⤵
        Program crash
        
        PID:3908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 248
        13⤵
        Program crash
        
        PID:3968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
        12⤵
        Program crash
        
        PID:2604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 248
        11⤵
        Program crash
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
        10⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3117.exe
        11⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47331.exe
        12⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20217.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 244
        14⤵
        Program crash
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42727.exe
        12⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
        13⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
        14⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        15⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19317.exe
        16⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        17⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57018.exe
        19⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2633.exe
        20⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52213.exe
        21⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
        21⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
        15⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6867.exe
        16⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
        17⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62000.exe
        18⤵
        
        PID:760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
        19⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1065.exe
        14⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54921.exe
        15⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        16⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36987.exe
        17⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2830.exe
        18⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
        19⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
        20⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60472.exe
        22⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exe
        19⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8248.exe
        20⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3679.exe
        21⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        11⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20409.exe
        12⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62300.exe
        13⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
        14⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
        15⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40962.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        17⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29120.exe
        18⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65015.exe
        19⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57563.exe
        20⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20117.exe
        21⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49372.exe
        22⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37117.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
        10⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56018.exe
        11⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22443.exe
        12⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12048.exe
        13⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
        14⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 220
        15⤵
        Program crash
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-351.exe
        12⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        13⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59529.exe
        14⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
        15⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
        16⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
        17⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
        18⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36598.exe
        19⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
        20⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        21⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37120.exe
        22⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7235.exe
        15⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36608.exe
        16⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
        17⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
        18⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 220
        19⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65108.exe
        17⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41964.exe
        18⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27330.exe
        19⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
        20⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        21⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61432.exe
        22⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        21⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14148.exe
        20⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45096.exe
        21⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
        18⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52213.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62911.exe
        20⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
        21⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47296.exe
        20⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5533.exe
        14⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        15⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
        16⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        17⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 220
        18⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 228
        16⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64030.exe
        11⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57165.exe
        12⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56545.exe
        13⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exe
        14⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
        15⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 240
        16⤵
        Program crash
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38947.exe
        15⤵
        
        PID:640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 224
        16⤵
        Program crash
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
        10⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
        11⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44721.exe
        12⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29301.exe
        13⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
        14⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34252.exe
        15⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
        16⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3167.exe
        17⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8206.exe
        18⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 236
        18⤵
        
        PID:4120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 248
        15⤵
        Program crash
        
        PID:1224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
        11⤵
        Program crash
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24119.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12032.exe
        10⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
        11⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34887.exe
        12⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28385.exe
        13⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        14⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7915.exe
        15⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        16⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27485.exe
        17⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23396.exe
        18⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23583.exe
        19⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        20⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        21⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35306.exe
        22⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6904.exe
        23⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19824.exe
        24⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53733.exe
        21⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 220
        22⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37479.exe
        19⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26780.exe
        20⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 244
        21⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46812.exe
        12⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 244
        13⤵
        Program crash
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6853.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 224
        12⤵
        Program crash
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52681.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26719.exe
        11⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61249.exe
        12⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
        13⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        14⤵
        
        PID:3212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 240
        15⤵
        Program crash
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53636.exe
        11⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61532.exe
        12⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40012.exe
        13⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
        14⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19618.exe
        15⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-536.exe
        16⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12098.exe
        17⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 224
        18⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53620.exe
        9⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39682.exe
        10⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        11⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40829.exe
        12⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        13⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
        14⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe
        15⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
        16⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13712.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33204.exe
        18⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 220
        19⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37299.exe
        11⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
        12⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52648.exe
        13⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37075.exe
        14⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        15⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 244
        16⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        10⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20409.exe
        11⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24257.exe
        12⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62160.exe
        13⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
        14⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
        15⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
        16⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61491.exe
        17⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53610.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15951.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44705.exe
        10⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 224
        11⤵
        Program crash
        
        PID:1652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
        10⤵
        Program crash
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20755.exe
        9⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28774.exe
        10⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
        11⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35458.exe
        12⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35222.exe
        13⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7012.exe
        14⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31320.exe
        15⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
        16⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16188.exe
        17⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59052.exe
        18⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31035.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:3412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 220
        20⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        15⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2783.exe
        16⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        17⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6115.exe
        18⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exe
        19⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        20⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45005.exe
        21⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        22⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49457.exe
        19⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
        20⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe
        21⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 248
        20⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        17⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57532.exe
        18⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        19⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30667.exe
        20⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28093.exe
        21⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
        22⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
        21⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47589.exe
        20⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 224
        21⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 248
        19⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
        18⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        19⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59094.exe
        20⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35776.exe
        21⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54203.exe
        20⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
        19⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64556.exe
        20⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        11⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
        12⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
        13⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3115.exe
        14⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
        15⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44906.exe
        16⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        17⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32836.exe
        18⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        19⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4164.exe
        20⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3103.exe
        21⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46971.exe
        16⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18015.exe
        17⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61149.exe
        19⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
        20⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4042.exe
        19⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27292.exe
        14⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        15⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        16⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        17⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        18⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 220
        19⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
        15⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        16⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20122.exe
        17⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35493.exe
        18⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11847.exe
        19⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        10⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
        11⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10333.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41029.exe
        13⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62342.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
        16⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25948.exe
        14⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
        15⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30272.exe
        16⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51092.exe
        17⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 220
        18⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
        17⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20117.exe
        18⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
        19⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24673.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31384.exe
        9⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12437.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19703.exe
        11⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31273.exe
        13⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7723.exe
        14⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28715.exe
        15⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 224
        16⤵
        Program crash
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
        11⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 224
        12⤵
        Program crash
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        10⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 224
        11⤵
        Program crash
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
        9⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56459.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5224.exe
        11⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26094.exe
        12⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        13⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
        14⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20926.exe
        15⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37101.exe
        16⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62176.exe
        17⤵
        
        PID:948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 220
        18⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1449.exe
        13⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44143.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4065.exe
        15⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62944.exe
        16⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
        17⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 244
        18⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
        15⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        16⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 240
        17⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5779.exe
        10⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4412.exe
        11⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
        12⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 216
        12⤵
        Program crash
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
        8⤵
        Program crash
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 240
        8⤵
        Program crash
        
        PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46173.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50299.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52873.exe
        10⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24498.exe
        11⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42344.exe
        12⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        13⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
        14⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        15⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        16⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14267.exe
        17⤵
        
        PID:3620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 224
        18⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14118.exe
        11⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63143.exe
        12⤵
        
        PID:3912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 244
        13⤵
        Program crash
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
        10⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5587.exe
        11⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
        12⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
        14⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24818.exe
        15⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 224
        16⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61596.exe
        9⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
        10⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-927.exe
        11⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
        12⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20173.exe
        13⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17044.exe
        14⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        15⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        16⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        17⤵
        
        PID:3108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 220
        18⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36204.exe
        11⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29436.exe
        12⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45056.exe
        13⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        14⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4205.exe
        15⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
        16⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
        17⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
        18⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
        19⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17818.exe
        10⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
        11⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50240.exe
        12⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
        13⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6265.exe
        14⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
        15⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 224
        16⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45094.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11840.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
        10⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
        11⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12523.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        13⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60344.exe
        16⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 224
        17⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
        10⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        12⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51169.exe
        13⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1579.exe
        14⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        15⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
        16⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
        17⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51808.exe
        18⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20392.exe
        19⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33059.exe
        20⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 224
        21⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
        17⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe
        18⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7677.exe
        19⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 244
        20⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22803.exe
        14⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60536.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39919.exe
        16⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        17⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
        18⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 224
        19⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45665.exe
        9⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22116.exe
        10⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
        12⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
        13⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
        14⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
        15⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3738.exe
        16⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        17⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33251.exe
        18⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        19⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
        20⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        19⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45997.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        9⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
        10⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
        11⤵
        Program crash
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47559.exe
        10⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64788.exe
        11⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 224
        12⤵
        Program crash
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
        9⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        10⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26387.exe
        11⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45419.exe
        12⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
        13⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18933.exe
        14⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35648.exe
        15⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15030.exe
        16⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
        17⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20122.exe
        18⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23241.exe
        19⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11463.exe
        20⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe
        17⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
        18⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
        19⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30075.exe
        8⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        9⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13947.exe
        10⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        11⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63639.exe
        12⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
        13⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20542.exe
        14⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1460.exe
        15⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 240
        16⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55343.exe
        9⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54399.exe
        10⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13265.exe
        11⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2928.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15559.exe
        13⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
        14⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21497.exe
        15⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exe
        16⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 240
        17⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1636.exe
        13⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        14⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
        15⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 224
        16⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22431.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44347.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28177.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12245.exe
        10⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21924.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
        12⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55284.exe
        13⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32612.exe
        14⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33183.exe
        15⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        16⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57713.exe
        17⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 244
        18⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
        11⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62108.exe
        12⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39135.exe
        13⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43598.exe
        14⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2596.exe
        15⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
        16⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
        17⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
        17⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1891.exe
        18⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
        19⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46842.exe
        20⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 220
        21⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        20⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43089.exe
        18⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
        19⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63319.exe
        10⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        11⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
        12⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
        13⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15726.exe
        14⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 220
        15⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16884.exe
        9⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        10⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
        11⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60816.exe
        12⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe
        13⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        15⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25420.exe
        16⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37688.exe
        17⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21923.exe
        18⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        19⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4227.exe
        8⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45110.exe
        9⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
        10⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1034.exe
        12⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
        13⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57490.exe
        14⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62913.exe
        15⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 220
        16⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        8⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
        9⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        10⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        11⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
        12⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59934.exe
        13⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25010.exe
        14⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        15⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61984.exe
        16⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32343.exe
        17⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13754.exe
        18⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 224
        19⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        9⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49664.exe
        10⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31460.exe
        11⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
        12⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40962.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:4364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 244
        14⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13947.exe
        9⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11503.exe
        10⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
        11⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 220
        12⤵
        Program crash
        
        PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42991.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20922.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42105.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24638.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62712.exe
        9⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        10⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
        11⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61825.exe
        12⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        12⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        13⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35793.exe
        14⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21123.exe
        15⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23401.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6675.exe
        17⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53323.exe
        18⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52763.exe
        19⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        20⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20501.exe
        21⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
        22⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64796.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
        16⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        17⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6146.exe
        18⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
        20⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28952.exe
        21⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
        14⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
        15⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52176.exe
        16⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31751.exe
        17⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
        18⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45280.exe
        19⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
        20⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48129.exe
        21⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51728.exe
        22⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
        23⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18707.exe
        22⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32435.exe
        17⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
        18⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        19⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
        20⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11271.exe
        21⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        11⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
        12⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62352.exe
        13⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 220
        14⤵
        Program crash
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        10⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
        11⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61532.exe
        12⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15315.exe
        13⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
        14⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
        15⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46385.exe
        16⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5959.exe
        17⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 224
        18⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33583.exe
        9⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42479.exe
        10⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 220
        11⤵
        Program crash
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
        10⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23489.exe
        11⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36696.exe
        12⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60427.exe
        13⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
        14⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49353.exe
        15⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4615.exe
        16⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54600.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42343.exe
        18⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11948.exe
        19⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31884.exe
        20⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38762.exe
        8⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
        8⤵
        Program crash
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54544.exe
        8⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53449.exe
        9⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58815.exe
        10⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23533.exe
        11⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
        12⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18715.exe
        13⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34506.exe
        14⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6872.exe
        15⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 224
        16⤵
        Program crash
        
        PID:3980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
        10⤵
        Program crash
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2001.exe
        9⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        10⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        11⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63831.exe
        12⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        13⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45238.exe
        14⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20765.exe
        15⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53816.exe
        16⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
        17⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
        18⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18254.exe
        19⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
        20⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51420.exe
        8⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 244
        9⤵
        Program crash
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22239.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 224
        7⤵
        Program crash
        
        PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5156.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4217.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4440.exe
        9⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        10⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61633.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        12⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37656.exe
        13⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16463.exe
        14⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        15⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61112.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32711.exe
        17⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12607.exe
        18⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
        19⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 220
        20⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49936.exe
        10⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64905.exe
        11⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
        12⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13146.exe
        13⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 240
        14⤵
        Program crash
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
        9⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27617.exe
        10⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
        11⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32420.exe
        12⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        13⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
        14⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13328.exe
        15⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49732.exe
        16⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55347.exe
        17⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28290.exe
        18⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
        19⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 220
        20⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4995.exe
        8⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 224
        9⤵
        Program crash
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57725.exe
        8⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13205.exe
        9⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
        10⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9858.exe
        11⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
        12⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 240
        13⤵
        Program crash
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        9⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1882.exe
        10⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45419.exe
        11⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        12⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 224
        13⤵
        Program crash
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        8⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
        9⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
        10⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31652.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
        12⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
        13⤵
        Program crash
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45805.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61617.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        9⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        10⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56353.exe
        11⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 224
        12⤵
        Program crash
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58104.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52269.exe
        10⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        11⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 244
        12⤵
        Program crash
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe
        8⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28961.exe
        9⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14936.exe
        10⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        11⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51413.exe
        13⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40500.exe
        14⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
        15⤵
        
        PID:3840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 224
        16⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exe
        7⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1446.exe
        8⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 244
        9⤵
        Program crash
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
        8⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45632.exe
        10⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        11⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62534.exe
        12⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51429.exe
        13⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10043.exe
        14⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 244
        15⤵
        
        PID:4860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62857.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5182.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24830.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        10⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
        11⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 244
        12⤵
        Program crash
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        11⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59770.exe
        12⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        13⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
        14⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
        15⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22654.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57350.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
        18⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 220
        19⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10214.exe
        17⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5399.exe
        18⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24085.exe
        15⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40630.exe
        16⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
        17⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
        18⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36650.exe
        19⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        20⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        21⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26550.exe
        16⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
        17⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65430.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        19⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45288.exe
        20⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12608.exe
        10⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
        11⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        12⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 220
        14⤵
        Program crash
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38051.exe
        9⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
        10⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30092.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
        12⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17755.exe
        13⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21870.exe
        14⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
        15⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 224
        16⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37107.exe
        10⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        11⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        12⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35238.exe
        13⤵
        
        PID:1148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 220
        14⤵
        Program crash
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
        8⤵
        Executes dropped EXE
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        9⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe
        10⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        11⤵
        
        PID:568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 244
        12⤵
        Program crash
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        11⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
        12⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49690.exe
        13⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1828.exe
        14⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
        15⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 224
        16⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36915.exe
        10⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
        11⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
        12⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
        13⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 240
        14⤵
        Program crash
        
        PID:5072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 248
        9⤵
        Program crash
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1451.exe
        8⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
        9⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
        10⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
        11⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        12⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        13⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
        14⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
        15⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
        16⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8891.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35119.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-386.exe
        19⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 188
        20⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54020.exe
        10⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
        11⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37080.exe
        12⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29675.exe
        13⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4781.exe
        14⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
        15⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1491.exe
        16⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 240
        17⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
        15⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 240
        15⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30781.exe
        9⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-180.exe
        10⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43525.exe
        11⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11807.exe
        12⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        13⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39545.exe
        14⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35264.exe
        15⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8206.exe
        16⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        17⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18031.exe
        18⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61341.exe
        19⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 220
        20⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44184.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5004.exe
        14⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41580.exe
        16⤵
        
        PID:776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 220
        17⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        8⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38395.exe
        9⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
        10⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6768.exe
        11⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        12⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
        13⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
        14⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        15⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46800.exe
        16⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29328.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50703.exe
        18⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20309.exe
        19⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45288.exe
        20⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29515.exe
        9⤵
        
        PID:1144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 244
        10⤵
        Program crash
        
        PID:544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59188.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61586.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 188
        8⤵
        Program crash
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33413.exe
        8⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61254.exe
        9⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47004.exe
        10⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15094.exe
        11⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
        12⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58818.exe
        13⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10188.exe
        14⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55108.exe
        15⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        16⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14859.exe
        17⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14698.exe
        18⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13946.exe
        19⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19349.exe
        20⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        21⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        22⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        21⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        19⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 224
        20⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23582.exe
        16⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 220
        17⤵
        
        PID:960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 236
        9⤵
        Program crash
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-356.exe
        8⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
        9⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24039.exe
        11⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38782.exe
        12⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 240
        13⤵
        Program crash
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31310.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:976
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 200
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51176.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-133.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 224
        8⤵
        Program crash
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38762.exe
        7⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
        8⤵
        Program crash
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4772.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17788.exe
        7⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53641.exe
        8⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48618.exe
        9⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 220
        10⤵
        Program crash
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11913.exe
        10⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64578.exe
        11⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
        12⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30417.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 220
        14⤵
        Program crash
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41004.exe
        8⤵
        
        PID:1120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
        9⤵
        Program crash
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45686.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
        9⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15128.exe
        10⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11999.exe
        11⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 224
        12⤵
        Program crash
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
        8⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28149.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16852.exe
        10⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8102.exe
        11⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 220
        12⤵
        Program crash
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 244
        6⤵
        Program crash
        
        PID:2908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6043.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6043.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1284
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe

Filesize
192KB

MD5
6811cbfa0ecc712bbd491ff3e8a89004

SHA1
82496a5e009b85d41993b73c8e7746448a6a6ba6

SHA256
057740558c3723a230be61ebbcbe4ac110da146f92d229ed22f7e0e28cd21029

SHA512
3fede845930b24c3263dffacc2a5d46b2a3314e2f93abf41f23ccf3e8bf3abc484d65ad2c5bd926c6853fc0fc753a0165def14008298ea18271e8798a860dad8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1404.exe

Filesize
192KB

MD5
cb3e493bb464fdd9bdb43cc1dbc17366

SHA1
57b2526c8369d47025121c1bf863aff26748d26f

SHA256
222386a8312f243d73d9acb9671fc24b3fe49ec066ef576af22a62741c4ee8c7

SHA512
b55517cd5dffb46f8c1503de401c23bc1847f40d4653eb2b36aea94eaaf2843bb0a2cb6bf6f3179380d22763e22339ca0afab4b83d05a4d08a4998eca5921fc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe

Filesize
192KB

MD5
fd63fa305614e3536d3dc48ec30f0c80

SHA1
51160341fb81ca16a9698a6b3f5dd58a5e0d366f

SHA256
2d0cb9106065f80e1944bb813ebdf7d7df4536a0a6aeecf269336423580fa707

SHA512
340682b7f4b1cb21f9df33bf54b8f166c73ff01ed0895bf5d787a0a684dd304da4aa8fd5276c78dcddaf0da1ac3ca78d8febc87f99a29cb8f022f670e261398f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe

Filesize
192KB

MD5
4469053707e45be647eff1f4a3d5cccb

SHA1
21aacf82b54b92e88fe3d2db394e664bbab80eed

SHA256
644ec0f23ad1fdd7fc4506edf32b6a0d7a2eefffd9584dd52bd09b17fb282022

SHA512
d93270625e90778f1a3ae0bc8ad7aa05621868a16df9fb355c0f71576afe6359d561eff70be874f2e08716cb8977fabbc163e8343858a1f7f4548900c5e9d8c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe

Filesize
192KB

MD5
5bfbb3bd3a1d2d8039e91fb59a5b85ac

SHA1
2eeddd2e730beeb64ccc3c7b137e8729b55e11ba

SHA256
0f52baeb86988501bd82c90ad98e843903bcfbe0b794de62d519bb87c71fdc61

SHA512
9c7e43c048bc0ada6d23510a026ff3546d6c5b7614af8e27448694c6c23dffdd080e90e9924a2141392f3b877768a60c6b3b62486ba3b7a86771d742415dba40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe

Filesize
192KB

MD5
093f712765015056eb479d0098735a0b

SHA1
0f59705262bbf3d6b0fc5b983eb535621b6a600d

SHA256
c60c145f7738b8362b369f32ed427ceb57372b81d926ff365377bac3bd01a706

SHA512
5fa16506a95cc214c042645bcb378ee5e21334bd1cda6bf2aec674864578344239d0b2649f459330afe1402464d4013d581e450a2360161dda0c56c13b1afcfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44184.exe

Filesize
192KB

MD5
f155d19a9b6d12634867e1daa8c8fa29

SHA1
59b403a212a8213ddf505d4008b0a893706cd370

SHA256
69aed4bce7d437c5e5c7f3ca3b0860f05fc690c7ea2f51706b2bb0c951b4f816

SHA512
9626b705ca0ef3dd9bd83081863afae1c167ce5e060929b01941b377e2f6f057b1978f6868b03bb2e241b783cb2194482d957445fda0142179cab34d9be5194f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46842.exe

Filesize
192KB

MD5
daf1db336f64e777e7472e1da53389c4

SHA1
c603655a8021d2403f34e9b1bc8b6e40d13a635c

SHA256
470ee2c64579f3e117f97802c78c88b6acb850050cbe643f088f5e5d0b322d00

SHA512
25f81a4261c9ab53c606adbf6445b931bcb0641e74f26cebf759363ab6cb28d0261529ba6c7994c2275d364a790c13b586b6fcdc7b028311a287463439eec4a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe

Filesize
192KB

MD5
1d22ce15fb20fef29b818d86c492890d

SHA1
c004f9b9c3c428e09072c7745be3258e762cd3b3

SHA256
149618e5cc282782fa3455af0880e76677a37553db28d8d650e79175e56bdb12

SHA512
8db7bff2be4b042d998a3b78b029e746f43bf197b708050937a5a7642aa616d88d71cac541ab4394533c995bd160dc22ccc795c89730cd23a53a4e7c3153e1fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe

Filesize
192KB

MD5
07cef80f6d7cdefb427e7c5fbc8c9624

SHA1
042a689166383c433f3822cbc56644d0f78d5af7

SHA256
25c70368553ec035163906c9b854303d74e244779cef4ab90b8ad2ec53203d9e

SHA512
a9a7b7950f659a3486306bc917053ad6d52a4092a41ee48733d8a2ca663994d02bda6d867939ccace40a646d78d013285311631477b3284070356624a031e083

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6043.exe

Filesize
192KB

MD5
f75f5b29d9a1bed156406e6ed5faa053

SHA1
57c1d6ea16d857e0b17489707b304d0e57ff7627

SHA256
8d3a12e81f0c5200e9e365a3921c25ac5105cc300a2297aac9d50074e657a91e

SHA512
e2253a41b075f8702340306ab064c0fe3c22766812286328f8f7d8b640137309375284c1ba4f627e94f29103a779826bbf11bd9acc03a480c98c81172a1db2f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6146.exe

Filesize
192KB

MD5
7621121a9e51427037b9a28f202f581b

SHA1
edefae99e3c84d8164fe4d82a2058459dba35f6d

SHA256
1e92dad0612ef7645c146f333efe1353cc158fc967542c634d890bd6a48623f5

SHA512
739ae6a2700c7b337a35d4d2040a8d0e65b9f2956f1e1aed1e46819cb4cfc21df977397f1e58d1dc80b014306c4b3ff1fb80938a212a452ff7c32f997b9452c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6265.exe

Filesize
192KB

MD5
37b065c7ab569d536231c9746e1eefba

SHA1
bf14472acaef13154cc6f2990a7d0eebd11eca75

SHA256
76bcaa2e1a4a34ca8c5ffd1be0fd9986789e6698acdcef9cd661d2fbc14cd2f6

SHA512
7a73c4d3ba7351d746ecbfd34c9ab300091fe147bf19bf4047725dbe3609232f19d7c4669cda7622af4e6d8a0d754426318700befb94e8d75b2df6dd13aea97c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62857.exe

Filesize
192KB

MD5
cc26bf8c3ae9f2a782677e5578b5bd21

SHA1
98d9dd36901d91b75e4fb4d185a9d96a3601a9f1

SHA256
73388f29488754518e2fbcbd6008f3464a518fa4e2f23f37d71861de247e2504

SHA512
abc10a64f5d87e751684cda451dec553b47aa8bb00da0cfa41a53038c262877916ace737c483b744e4591668f2274457620ea50a4b7cad93e70bc29f7ba7fcda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6675.exe

Filesize
192KB

MD5
4fca334333c69e2709a6b247c7700750

SHA1
4a836d9add72b0811c392c772e8de9b7f2beaeb7

SHA256
0f97fcd4029dc8a36c3acba63a101518b0a47e4bec1f074dc71f19ef824dc64a

SHA512
a1e415b4ec76ffe4b4c8228f161c3c01aa6617316a88348ce4fe4c99f87e9618511102ec7cf1600b798ee458ac880a5ee9fdbf940652f69701be726584be21e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6768.exe

Filesize
192KB

MD5
9966dd9eb1274a0d551eb2e7c464cbca

SHA1
eb96e58e098e3b4404ed7d1ce100b71f50137449

SHA256
f5759b02b7747dacd496d5daeec941ee6a44e0ee6b80ba506fbd61ebd25bfa68

SHA512
3397933c77611add1055f0061d1bff7fb1610ae303de40a4099e848235b354787d64a8a55b00f9c3d2836778a154906c4dde245435710c4d472a34a67c7e00e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14559.exe

Filesize
192KB

MD5
330fe876f4f2420e401602572baeea0f

SHA1
5084a9ad623cc701826ba4cff5947f19035c3a06

SHA256
b15231ea5b3d7fc1ccf5edcfcae66d4aafde0ee7d95a33ab1bfdc7ca2fb94a39

SHA512
c59ad3a82c2672cccf137ceb89a8afd7041dfef3d7beddc91e4a14b2871da88f615a86bf92c17654b1665233874892f418b6bc69d39c4e41bc34a1c492c64ee5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20922.exe

Filesize
192KB

MD5
ce7b1d4f823c2127b354feefeb1799d7

SHA1
64fc5e67e4558259ec771e9e8b2782a3407a61f0

SHA256
841375492e44f102d299d2963ff6a1a89aadbb39d6924f900775960cb92bd99d

SHA512
a842cf525160d5b8c999eab5de8545b6f0757582eeb69c9460e0d6ebb0d1604f1d5bd79b404816b334c994e0ff36214df8583b13c48048e083515826163096a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe

Filesize
192KB

MD5
23569ea9f69c6bc32d6ff4339808fa71

SHA1
639d8fbc26805b95d3601a8118d851c5c817fe63

SHA256
97f558ac35369cd2e0dcc35f43c9c178b5fc750383f0504f48c5d8fcb66ed37b

SHA512
ef63757bcd602037d0759a951d1aa36fc8a849253f4ff326102030902d66d6bc95937cb1d930650f74d9504f2bdcecf20a0f234854fc8642b19f996f9ccfadae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe

Filesize
192KB

MD5
9e08528ab5f3144863ca7626f1aa36ba

SHA1
692e19fc5d989a3e2f5e10b06f1f6f6fd4dc1252

SHA256
3f652761de7e7df88a34f86476ca9da7bdce6fd70541701bbe4389cacb8f181f

SHA512
6246b71dfef4c35736c71c9ac3e6efc3237788adcc7902600c946ba5a100828b1fe0d135092164dacad7ba794fe94dc8e02f995a193b25835354c9501dac1361

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42991.exe

Filesize
192KB

MD5
d7558c846fb84199ba65182edff3c596

SHA1
7f1c159d8a4da907bdb10bcd7affe6cf376b92d9

SHA256
d956134f9df39dd6da7c46f6a99a343ccac0446981f3965aa4b3b1ebf7308b1f

SHA512
679447213d1e30dd1540f32596a9c0831921cd509b49e1543383631ae880f9f7496718a72a8c25558183d0432b377ed90ccdba4181d2c2ef7b00aefc3b529bec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46173.exe

Filesize
192KB

MD5
86df782f8b99d1753aa6139559f9ecca

SHA1
98d6f928dc72189b07d109d0bfac5c4701274d37

SHA256
5d522d79eca3002fbb171482d8997c0ce1b42bc2e5dd4f7cfe3d58a8f405e765

SHA512
4ac3359ce9248296f3cabb8b6d3c3b6d6e08f8f93d1187974a1423112b4faea0f09430e67aaf52e51f8c2036498422f2493b0dcad6b2b9bfbe6913762a208f83

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe

Filesize
192KB

MD5
3ff922503505adcd4ba9fc82e23cc38d

SHA1
6592a7e224edf830cbfc1e50c8a4f5e02c750c1e

SHA256
59195b2a234ae02afc72210cd130f4e796697f0156ceb39f494859330745db1b

SHA512
2f84fdbd233e537c604a1a4fffc4d95af1c99f4f0301277a949b7c5f324e1e99341327fd2dba23e640e9d2a81bea1f5eb66dddfde04cbee54d96a7bc34a5a917

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe

Filesize
192KB

MD5
91f0dc35b041115cb70600f4228a0ef8

SHA1
fe8d8a5b4e64c746a42319ed688ff95a7c2a6252

SHA256
cde0def7b5327bf1d9eeef601fdd538d592752c011c10c23ff786b6f4faf1c89

SHA512
24f2a182e807b126cbc87b16b662a24bc00573c00fa7fca5781109ee45b29625501dff4f9aa12afdbbec0977976dbabb2c7b6e4b47efb2305a9e8e1b410fc417

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe

Filesize
192KB

MD5
e4675d31567e8935fe39bc5bc109caa3

SHA1
0140e86e3bc81d80372197ae9ae6d61e30544667

SHA256
480a945a7747b0712e405086b275b939d989bd5b80f2c10503cb69fefa54ea9b

SHA512
44c97b7e7e59b2a76cd00f6322b1d8c31652dc8f5cf4ce08a2bacffb403a5b5388d849b0dd293a47ef75792b9f0274b67b5ebf8b3d1df89c86a705a143aaca49

Download Submit