8574df399c6bcd9e1c3c343d3f541794306c4d800c1f97d2349b234e6ee143c4

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 17:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c39b9b51c90b122e44f62ba936dea5d0N.exe
Size

468KB
MD5

c39b9b51c90b122e44f62ba936dea5d0
SHA1

c26b459230e4f4d14d2cd2f59ab35e73b1cf2f89
SHA256

8574df399c6bcd9e1c3c343d3f541794306c4d800c1f97d2349b234e6ee143c4
SHA512

17f224e9af9428e634610d29239d3fe5b62dffda7ce50e338e52db26ccdfb49b7370e0bed28108fa9a26b975121003da94844ff4aaf0046133abd3bc748a5a61
SSDEEP

3072:1G3HogISAE5TtbY2HncOcf8/vChaP0p2JVHeTVPMQ7gL6K7gyElP:1G3oDMTtxHcOcfSYHKQ7KB7gy

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2408	Unicorn-50835.exe
2196	Unicorn-14545.exe
1708	Unicorn-56133.exe
2272	Unicorn-44561.exe
2232	Unicorn-34538.exe
2240	Unicorn-36585.exe
2684	Unicorn-58520.exe
2208	Unicorn-36715.exe
2716	Unicorn-57882.exe
1936	Unicorn-26492.exe
2608	Unicorn-34337.exe
2172	Unicorn-54203.exe
808	Unicorn-60517.exe
1812	Unicorn-1110.exe
764	Unicorn-845.exe
1088	Unicorn-18490.exe
1068	Unicorn-55993.exe
1752	Unicorn-10321.exe
984	Unicorn-32971.exe
2828	Unicorn-14597.exe
2796	Unicorn-10684.exe
2452	Unicorn-47078.exe
2968	Unicorn-21811.exe
1960	Unicorn-38910.exe
956	Unicorn-32256.exe
924	Unicorn-52122.exe
1540	Unicorn-50076.exe
1772	Unicorn-56206.exe
1584	Unicorn-39605.exe
1176	Unicorn-60913.exe
756	Unicorn-36387.exe
2024	Unicorn-39917.exe
1576	Unicorn-44001.exe
2960	Unicorn-27665.exe
2276	Unicorn-27400.exe
2092	Unicorn-40663.exe
1580	Unicorn-24327.exe
2252	Unicorn-44193.exe
2768	Unicorn-9474.exe
2576	Unicorn-15604.exe
2368	Unicorn-54482.exe
2636	Unicorn-60612.exe
2064	Unicorn-57275.exe
2604	Unicorn-60804.exe
2516	Unicorn-14349.exe
2116	Unicorn-27364.exe
2020	Unicorn-11027.exe
1512	Unicorn-24026.exe
1736	Unicorn-7690.exe
1124	Unicorn-28132.exe
1724	Unicorn-22193.exe
1820	Unicorn-28059.exe
540	Unicorn-28324.exe
1372	Unicorn-8458.exe
2844	Unicorn-16070.exe
1132	Unicorn-12241.exe
3024	Unicorn-32107.exe
2712	Unicorn-20924.exe
3036	Unicorn-13724.exe
880	Unicorn-28769.exe
2864	Unicorn-24899.exe
1332	Unicorn-16731.exe
1572	Unicorn-54426.exe
1596	Unicorn-58510.exe

Loads dropped DLL 64 IoCs

pid	Process
2948	c39b9b51c90b122e44f62ba936dea5d0N.exe
2948	c39b9b51c90b122e44f62ba936dea5d0N.exe
2948	c39b9b51c90b122e44f62ba936dea5d0N.exe
2408	Unicorn-50835.exe
2948	c39b9b51c90b122e44f62ba936dea5d0N.exe
2408	Unicorn-50835.exe
1708	Unicorn-56133.exe
1708	Unicorn-56133.exe
2948	c39b9b51c90b122e44f62ba936dea5d0N.exe
2948	c39b9b51c90b122e44f62ba936dea5d0N.exe
2196	Unicorn-14545.exe
2196	Unicorn-14545.exe
2408	Unicorn-50835.exe
2408	Unicorn-50835.exe
2272	Unicorn-44561.exe
2272	Unicorn-44561.exe
1708	Unicorn-56133.exe
1708	Unicorn-56133.exe
2240	Unicorn-36585.exe
2240	Unicorn-36585.exe
2196	Unicorn-14545.exe
2232	Unicorn-34538.exe
2196	Unicorn-14545.exe
2232	Unicorn-34538.exe
2408	Unicorn-50835.exe
2684	Unicorn-58520.exe
2408	Unicorn-50835.exe
2684	Unicorn-58520.exe
2948	c39b9b51c90b122e44f62ba936dea5d0N.exe
2948	c39b9b51c90b122e44f62ba936dea5d0N.exe
2208	Unicorn-36715.exe
2208	Unicorn-36715.exe
2272	Unicorn-44561.exe
2272	Unicorn-44561.exe
2716	Unicorn-57882.exe
2716	Unicorn-57882.exe
1708	Unicorn-56133.exe
1708	Unicorn-56133.exe
1936	Unicorn-26492.exe
1936	Unicorn-26492.exe
2240	Unicorn-36585.exe
2240	Unicorn-36585.exe
764	Unicorn-845.exe
764	Unicorn-845.exe
2948	c39b9b51c90b122e44f62ba936dea5d0N.exe
2948	c39b9b51c90b122e44f62ba936dea5d0N.exe
2172	Unicorn-54203.exe
2172	Unicorn-54203.exe
2684	Unicorn-58520.exe
2684	Unicorn-58520.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
2608	Unicorn-34337.exe
2608	Unicorn-34337.exe
1376	WerFault.exe
1376	WerFault.exe
1376	WerFault.exe
1376	WerFault.exe
808	Unicorn-60517.exe
808	Unicorn-60517.exe
2196	Unicorn-14545.exe
2196	Unicorn-14545.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1552	1812	WerFault.exe	43
1376	2232	WerFault.exe	34
1140	2452	WerFault.exe	51
1628	956	WerFault.exe	56
908	1176	WerFault.exe	61
2496	2636	WerFault.exe	73
3056	2064	WerFault.exe	74
1828	1724	WerFault.exe	85
1012	2712	WerFault.exe	93
840	2960	WerFault.exe	65
2556	2864	WerFault.exe	95
1692	1696	WerFault.exe	114
1856	1820	WerFault.exe	84
1600	560	WerFault.exe	102
2120	2844	WerFault.exe	88
1480	924	WerFault.exe	57
264	1912	WerFault.exe	100
2544	1372	WerFault.exe	86
3840	2124	WerFault.exe	121
4052	1944	WerFault.exe	125
3608	2612	WerFault.exe	128
3164	1604	WerFault.exe	124
3364	1648	WerFault.exe	153
3404	2564	WerFault.exe	146
3316	2904	WerFault.exe	157
4732	3044	WerFault.exe	110
4788	2744	WerFault.exe	170
4800	2620	WerFault.exe	169
4820	2280	WerFault.exe	168
4828	3416	WerFault.exe	194
4848	2560	WerFault.exe	162
5052	1068	WerFault.exe	46
5088	1064	WerFault.exe	163
5096	2204	WerFault.exe	122
5104	1588	WerFault.exe	133
4220	1816	WerFault.exe	129
4860	1960	WerFault.exe	53
4796	3032	WerFault.exe	139
4876	2720	WerFault.exe	131
4840	2172	WerFault.exe	41
4940	2664	WerFault.exe	138
4976	2660	WerFault.exe	130
4992	2968	WerFault.exe	52
4624	1596	WerFault.exe	98
5060	1772	WerFault.exe	58
4808	2052	WerFault.exe	105
4256	1976	WerFault.exe	142
4984	2652	WerFault.exe	161
4104	2220	WerFault.exe	144
4116	2616	WerFault.exe	147
4128	2328	WerFault.exe	145
4172	756	WerFault.exe	62
4148	2368	WerFault.exe	72
4424	1332	WerFault.exe	96
4356	2332	WerFault.exe	126
5480	2212	WerFault.exe	160
5732	1776	WerFault.exe	115
5592	1644	WerFault.exe	150
5852	2576	WerFault.exe	71
5900	2488	WerFault.exe	108
5972	284	WerFault.exe	118
5928	1640	WerFault.exe	154
5916	1716	WerFault.exe	104
6140	5596	WerFault.exe	388

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48569.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1386.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47872.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27401.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61004.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4065.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2948	c39b9b51c90b122e44f62ba936dea5d0N.exe
2408	Unicorn-50835.exe
1708	Unicorn-56133.exe
2196	Unicorn-14545.exe
2272	Unicorn-44561.exe
2232	Unicorn-34538.exe
2240	Unicorn-36585.exe
2684	Unicorn-58520.exe
2208	Unicorn-36715.exe
2716	Unicorn-57882.exe
1936	Unicorn-26492.exe
2172	Unicorn-54203.exe
2608	Unicorn-34337.exe
808	Unicorn-60517.exe
1812	Unicorn-1110.exe
764	Unicorn-845.exe
1088	Unicorn-18490.exe
1068	Unicorn-55993.exe
984	Unicorn-32971.exe
1752	Unicorn-10321.exe
2828	Unicorn-14597.exe
2796	Unicorn-10684.exe
2452	Unicorn-47078.exe
1960	Unicorn-38910.exe
2968	Unicorn-21811.exe
924	Unicorn-52122.exe
956	Unicorn-32256.exe
1540	Unicorn-50076.exe
1772	Unicorn-56206.exe
1584	Unicorn-39605.exe
1176	Unicorn-60913.exe
756	Unicorn-36387.exe
2024	Unicorn-39917.exe
2960	Unicorn-27665.exe
1576	Unicorn-44001.exe
2276	Unicorn-27400.exe
1580	Unicorn-24327.exe
2092	Unicorn-40663.exe
2252	Unicorn-44193.exe
2768	Unicorn-9474.exe
2576	Unicorn-15604.exe
2636	Unicorn-60612.exe
2368	Unicorn-54482.exe
2064	Unicorn-57275.exe
2604	Unicorn-60804.exe
2116	Unicorn-27364.exe
2516	Unicorn-14349.exe
2020	Unicorn-11027.exe
1736	Unicorn-7690.exe
1512	Unicorn-24026.exe
1124	Unicorn-28132.exe
1724	Unicorn-22193.exe
540	Unicorn-28324.exe
1820	Unicorn-28059.exe
1372	Unicorn-8458.exe
2844	Unicorn-16070.exe
3036	Unicorn-13724.exe
1132	Unicorn-12241.exe
3024	Unicorn-32107.exe
2712	Unicorn-20924.exe
880	Unicorn-28769.exe
2864	Unicorn-24899.exe
1332	Unicorn-16731.exe
1572	Unicorn-54426.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 2408	2948	c39b9b51c90b122e44f62ba936dea5d0N.exe	28
PID 2948 wrote to memory of 2408	2948	c39b9b51c90b122e44f62ba936dea5d0N.exe	28
PID 2948 wrote to memory of 2408	2948	c39b9b51c90b122e44f62ba936dea5d0N.exe	28
PID 2948 wrote to memory of 2408	2948	c39b9b51c90b122e44f62ba936dea5d0N.exe	28
PID 2948 wrote to memory of 1708	2948	c39b9b51c90b122e44f62ba936dea5d0N.exe	30
PID 2948 wrote to memory of 1708	2948	c39b9b51c90b122e44f62ba936dea5d0N.exe	30
PID 2948 wrote to memory of 1708	2948	c39b9b51c90b122e44f62ba936dea5d0N.exe	30
PID 2948 wrote to memory of 1708	2948	c39b9b51c90b122e44f62ba936dea5d0N.exe	30
PID 2408 wrote to memory of 2196	2408	Unicorn-50835.exe	29
PID 2408 wrote to memory of 2196	2408	Unicorn-50835.exe	29
PID 2408 wrote to memory of 2196	2408	Unicorn-50835.exe	29
PID 2408 wrote to memory of 2196	2408	Unicorn-50835.exe	29
PID 1708 wrote to memory of 2272	1708	Unicorn-56133.exe	33
PID 1708 wrote to memory of 2272	1708	Unicorn-56133.exe	33
PID 1708 wrote to memory of 2272	1708	Unicorn-56133.exe	33
PID 1708 wrote to memory of 2272	1708	Unicorn-56133.exe	33
PID 2948 wrote to memory of 2232	2948	c39b9b51c90b122e44f62ba936dea5d0N.exe	34
PID 2948 wrote to memory of 2232	2948	c39b9b51c90b122e44f62ba936dea5d0N.exe	34
PID 2948 wrote to memory of 2232	2948	c39b9b51c90b122e44f62ba936dea5d0N.exe	34
PID 2948 wrote to memory of 2232	2948	c39b9b51c90b122e44f62ba936dea5d0N.exe	34
PID 2196 wrote to memory of 2240	2196	Unicorn-14545.exe	35
PID 2196 wrote to memory of 2240	2196	Unicorn-14545.exe	35
PID 2196 wrote to memory of 2240	2196	Unicorn-14545.exe	35
PID 2196 wrote to memory of 2240	2196	Unicorn-14545.exe	35
PID 2408 wrote to memory of 2684	2408	Unicorn-50835.exe	36
PID 2408 wrote to memory of 2684	2408	Unicorn-50835.exe	36
PID 2408 wrote to memory of 2684	2408	Unicorn-50835.exe	36
PID 2408 wrote to memory of 2684	2408	Unicorn-50835.exe	36
PID 2272 wrote to memory of 2208	2272	Unicorn-44561.exe	37
PID 2272 wrote to memory of 2208	2272	Unicorn-44561.exe	37
PID 2272 wrote to memory of 2208	2272	Unicorn-44561.exe	37
PID 2272 wrote to memory of 2208	2272	Unicorn-44561.exe	37
PID 1708 wrote to memory of 2716	1708	Unicorn-56133.exe	38
PID 1708 wrote to memory of 2716	1708	Unicorn-56133.exe	38
PID 1708 wrote to memory of 2716	1708	Unicorn-56133.exe	38
PID 1708 wrote to memory of 2716	1708	Unicorn-56133.exe	38
PID 2240 wrote to memory of 1936	2240	Unicorn-36585.exe	39
PID 2240 wrote to memory of 1936	2240	Unicorn-36585.exe	39
PID 2240 wrote to memory of 1936	2240	Unicorn-36585.exe	39
PID 2240 wrote to memory of 1936	2240	Unicorn-36585.exe	39
PID 2196 wrote to memory of 2608	2196	Unicorn-14545.exe	40
PID 2196 wrote to memory of 2608	2196	Unicorn-14545.exe	40
PID 2196 wrote to memory of 2608	2196	Unicorn-14545.exe	40
PID 2196 wrote to memory of 2608	2196	Unicorn-14545.exe	40
PID 2232 wrote to memory of 2172	2232	Unicorn-34538.exe	41
PID 2232 wrote to memory of 2172	2232	Unicorn-34538.exe	41
PID 2232 wrote to memory of 2172	2232	Unicorn-34538.exe	41
PID 2232 wrote to memory of 2172	2232	Unicorn-34538.exe	41
PID 2408 wrote to memory of 808	2408	Unicorn-50835.exe	42
PID 2408 wrote to memory of 808	2408	Unicorn-50835.exe	42
PID 2408 wrote to memory of 808	2408	Unicorn-50835.exe	42
PID 2408 wrote to memory of 808	2408	Unicorn-50835.exe	42
PID 2684 wrote to memory of 1812	2684	Unicorn-58520.exe	43
PID 2684 wrote to memory of 1812	2684	Unicorn-58520.exe	43
PID 2684 wrote to memory of 1812	2684	Unicorn-58520.exe	43
PID 2684 wrote to memory of 1812	2684	Unicorn-58520.exe	43
PID 2948 wrote to memory of 764	2948	c39b9b51c90b122e44f62ba936dea5d0N.exe	44
PID 2948 wrote to memory of 764	2948	c39b9b51c90b122e44f62ba936dea5d0N.exe	44
PID 2948 wrote to memory of 764	2948	c39b9b51c90b122e44f62ba936dea5d0N.exe	44
PID 2948 wrote to memory of 764	2948	c39b9b51c90b122e44f62ba936dea5d0N.exe	44
PID 2208 wrote to memory of 1088	2208	Unicorn-36715.exe	45
PID 2208 wrote to memory of 1088	2208	Unicorn-36715.exe	45
PID 2208 wrote to memory of 1088	2208	Unicorn-36715.exe	45
PID 2208 wrote to memory of 1088	2208	Unicorn-36715.exe	45

C:\Users\Admin\AppData\Local\Temp\c39b9b51c90b122e44f62ba936dea5d0N.exe
"C:\Users\Admin\AppData\Local\Temp\c39b9b51c90b122e44f62ba936dea5d0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36585.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20924.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        9⤵
        Program crash
        
        PID:1012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
        8⤵
        Program crash
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28769.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
        9⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        10⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 248
        10⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6811.exe
        9⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 244
        9⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26089.exe
        8⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
        9⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        8⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 228
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38678.exe
        7⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        8⤵
        Program crash
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48385.exe
        7⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
        7⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24327.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28599.exe
        7⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
        8⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25722.exe
        9⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5161.exe
        9⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        9⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        9⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9566.exe
        9⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 248
        9⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28523.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59353.exe
        8⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45208.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
        8⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32802.exe
        8⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 244
        8⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34269.exe
        8⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15737.exe
        8⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
        8⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        8⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28143.exe
        7⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53926.exe
        7⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25214.exe
        7⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        7⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe
        7⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        7⤵
        
        PID:9440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6324.exe
        6⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48145.exe
        7⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 244
        8⤵
        Program crash
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41517.exe
        7⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 244
        7⤵
        Program crash
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23.exe
        6⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61249.exe
        7⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54718.exe
        7⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
        7⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64963.exe
        6⤵
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37478.exe
        6⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36837.exe
        6⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15384.exe
        6⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15604.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38303.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44061.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33439.exe
        9⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
        9⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55817.exe
        9⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17131.exe
        9⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
        8⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45613.exe
        8⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57838.exe
        8⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25184.exe
        8⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-651.exe
        7⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
        8⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59705.exe
        8⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 220
        8⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57884.exe
        7⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        7⤵
        Program crash
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
        6⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 224
        7⤵
        Program crash
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
        6⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17771.exe
        7⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43256.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17494.exe
        7⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 220
        7⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2239.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        6⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
        6⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22717.exe
        6⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30968.exe
        6⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54482.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
        6⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42395.exe
        7⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20704.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 248
        8⤵
        Program crash
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59359.exe
        7⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 244
        7⤵
        Program crash
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
        6⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34325.exe
        7⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
        7⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9785.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16089.exe
        7⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15169.exe
        7⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 228
        6⤵
        Program crash
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        5⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12514.exe
        6⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
        7⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
        7⤵
        
        PID:8920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 248
        6⤵
        Program crash
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45385.exe
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        6⤵
        
        PID:7420
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 228
        6⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
        5⤵
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
        5⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49732.exe
        5⤵
        
        PID:7328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
        5⤵
        
        PID:8484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27364.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        7⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 224
        8⤵
        Program crash
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49826.exe
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2741.exe
        8⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 248
        8⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        7⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        7⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
        7⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59533.exe
        7⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15711.exe
        7⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        6⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17247.exe
        8⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32124.exe
        8⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12694.exe
        8⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28715.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 248
        7⤵
        Program crash
        
        PID:3164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 240
        6⤵
        Program crash
        
        PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24026.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33835.exe
        6⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26635.exe
        7⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 244
        8⤵
        Program crash
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 248
        7⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65482.exe
        6⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5026.exe
        7⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39748.exe
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-966.exe
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41720.exe
        7⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13094.exe
        6⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
        6⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53263.exe
        6⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3360.exe
        6⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65052.exe
        6⤵
        
        PID:7760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 248
        6⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11560.exe
        5⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-288.exe
        6⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62764.exe
        7⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
        7⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20721.exe
        7⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5529.exe
        6⤵
        
        PID:4512
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 244
        6⤵
        Program crash
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36509.exe
        6⤵
        
        PID:7388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21869.exe
        6⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        5⤵
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        5⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33176.exe
        5⤵
        
        PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60822.exe
        5⤵
        
        PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57122.exe
        5⤵
        
        PID:9036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28132.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28690.exe
        6⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17004.exe
        7⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 236
        7⤵
        Program crash
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1030.exe
        6⤵
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11859.exe
        6⤵
        
        PID:4784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 228
        6⤵
        
        PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37028.exe
        5⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14180.exe
        6⤵
        
        PID:3116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 248
        6⤵
        Program crash
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
        5⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
        5⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59001.exe
        5⤵
        
        PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60008.exe
        5⤵
        
        PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        5⤵
        
        PID:8276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28059.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1820
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 224
        5⤵
        Program crash
        
        PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34232.exe
      4⤵
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2696.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3188
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 228
        5⤵
        Program crash
        
        PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
      4⤵
      PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23902.exe
      4⤵
      PID:6688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29356.exe
      4⤵
      PID:7528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21582.exe
      4⤵
      PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7432.exe
      4⤵
      PID:8480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58520.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1110.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1812
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 244
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:956
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 224
        5⤵
        Program crash
        
        PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1724
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 224
        5⤵
        Program crash
        
        PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20256.exe
      4⤵
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        5⤵
        
        PID:4588
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 224
        5⤵
        
        PID:6472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36469.exe
      4⤵
      PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58061.exe
      4⤵
      PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
      4⤵
      PID:7284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
      4⤵
      PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
      4⤵
      PID:8372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11027.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
        6⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62675.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39135.exe
        8⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 228
        8⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 228
        7⤵
        Program crash
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        6⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44672.exe
        7⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17780.exe
        7⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4360
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
        6⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54123.exe
        6⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35985.exe
        7⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53634.exe
        7⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12047.exe
        6⤵
        
        PID:4560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 244
        6⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36701.exe
        5⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
        6⤵
        
        PID:8304
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 248
        5⤵
        Program crash
        
        PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45319.exe
        5⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
        6⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35264.exe
        7⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
        7⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        7⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        7⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 228
        7⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65451.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
        6⤵
        Program crash
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-656.exe
        5⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30387.exe
        6⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40277.exe
        7⤵
        
        PID:3484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
        6⤵
        Program crash
        
        PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12964.exe
        5⤵
        
        PID:296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        6⤵
        
        PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23480.exe
        5⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1265.exe
        5⤵
        
        PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5524.exe
        5⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30927.exe
        5⤵
        
        PID:7896
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 228
        5⤵
        
        PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36065.exe
      4⤵
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
        5⤵
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40792.exe
        6⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44134.exe
        6⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53858.exe
        6⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2668.exe
        6⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
        6⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48061.exe
        5⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
        5⤵
        
        PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1120.exe
        5⤵
        
        PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65091.exe
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60823.exe
        5⤵
        
        PID:9412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62991.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35561.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        5⤵
        
        PID:5472
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 244
        5⤵
        
        PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35374.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40017.exe
      4⤵
      PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
      4⤵
      PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56948.exe
      4⤵
      PID:7800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
      4⤵
      PID:8320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6580.exe
      4⤵
      PID:9208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60804.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9138.exe
        5⤵
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63256.exe
        6⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54165.exe
        7⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18337.exe
        7⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51894.exe
        7⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        7⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22384.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
        6⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13756.exe
        6⤵
        
        PID:7260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 248
        6⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2550.exe
        5⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43579.exe
        6⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
        6⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48159.exe
        6⤵
        
        PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28719.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24954.exe
        5⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9646.exe
        5⤵
        
        PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
        5⤵
        
        PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
        5⤵
        
        PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
        5⤵
        
        PID:9604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
      4⤵
      PID:284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
        5⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        6⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21710.exe
        6⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26587.exe
        6⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35404.exe
        5⤵
        
        PID:4196
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 244
        5⤵
        Program crash
        
        PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46675.exe
      4⤵
      PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63475.exe
        5⤵
        
        PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
        5⤵
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
        5⤵
        
        PID:8356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46837.exe
      4⤵
      PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
      4⤵
      PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
      4⤵
      PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
      4⤵
      PID:7880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
      4⤵
      PID:9104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17691.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33216.exe
        6⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13327.exe
        6⤵
        
        PID:7524
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 220
        6⤵
        
        PID:8956
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 228
        5⤵
        Program crash
        
        PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
      4⤵
      PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54324.exe
        5⤵
        
        PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        5⤵
        
        PID:9112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13089.exe
      4⤵
      PID:4740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44793.exe
      4⤵
      PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20393.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65288.exe
      4⤵
      PID:7708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18451.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
    3⤵
    PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55986.exe
      4⤵
      PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60494.exe
        5⤵
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
        5⤵
        
        PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
      4⤵
      PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38928.exe
      4⤵
      PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
      4⤵
      PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6553.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6553.exe
    3⤵
    PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34646.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6986.exe
      4⤵
      PID:8980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9792.exe
    3⤵
    PID:5992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63795.exe
    3⤵
    PID:932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
    3⤵
    PID:7676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15386.exe
    3⤵
    PID:9068
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36715.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18490.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 240
        7⤵
        Program crash
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
        7⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 224
        8⤵
        Program crash
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10843.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        7⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 248
        7⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4360.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
        7⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 216
        7⤵
        Program crash
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        6⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        6⤵
        
        PID:6748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
        6⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55581.exe
        6⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2380.exe
        6⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22359.exe
        7⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5327.exe
        8⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 248
        8⤵
        Program crash
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
        7⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3307.exe
        7⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 236
        7⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
        6⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 224
        7⤵
        Program crash
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
        6⤵
        
        PID:4028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 248
        6⤵
        Program crash
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13724.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
        6⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60065.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
        7⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3864.exe
        7⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35741.exe
        7⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 228
        7⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        6⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
        6⤵
        
        PID:4580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 248
        6⤵
        
        PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64470.exe
        5⤵
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        6⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4023.exe
        7⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42860.exe
        7⤵
        
        PID:8924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 248
        6⤵
        Program crash
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        5⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
        6⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6851.exe
        6⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27779.exe
        5⤵
        
        PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6622.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51867.exe
        5⤵
        
        PID:9156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55993.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
        6⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
        7⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46194.exe
        8⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        8⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24859.exe
        8⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39062.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17978.exe
        8⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60293.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18311.exe
        7⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37876.exe
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        7⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
        7⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49084.exe
        6⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14038.exe
        7⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44520.exe
        7⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49140.exe
        6⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24627.exe
        6⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        6⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41302.exe
        6⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42250.exe
        6⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
        5⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25343.exe
        6⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        7⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        7⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30048.exe
        6⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
        6⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39888.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        6⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35933.exe
        5⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        6⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60904.exe
        6⤵
        
        PID:8900
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 236
        5⤵
        Program crash
        
        PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9474.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
        5⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1580.exe
        6⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
        7⤵
        Program crash
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47086.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
        7⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45243.exe
        6⤵
        
        PID:4320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 216
        6⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2628.exe
        5⤵
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4154.exe
        6⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16639.exe
        7⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 228
        7⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22571.exe
        6⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41725.exe
        6⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
        6⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43396.exe
        6⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
        6⤵
        
        PID:8500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29819.exe
        5⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58403.exe
        6⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51968.exe
        6⤵
        
        PID:8576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
        5⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51177.exe
        5⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9442.exe
        5⤵
        
        PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43926.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
        5⤵
        
        PID:8612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
      4⤵
      PID:1912
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 224
        5⤵
        Program crash
        
        PID:264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
      4⤵
      PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
        5⤵
        
        PID:4188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16313.exe
        5⤵
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        5⤵
        
        PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
        5⤵
        
        PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16784.exe
      4⤵
      PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
      4⤵
      PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
      4⤵
      PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52957.exe
      4⤵
      PID:7244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36631.exe
      4⤵
      PID:8788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14698.exe
      4⤵
      PID:9588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57882.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44001.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16731.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47486.exe
        8⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 228
        8⤵
        Program crash
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59852.exe
        7⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 224
        7⤵
        Program crash
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        6⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28680.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55109.exe
        7⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 244
        7⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20878.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9172.exe
        6⤵
        
        PID:4152
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 244
        6⤵
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58510.exe
        5⤵
        Executes dropped EXE
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        6⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        7⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 248
        7⤵
        Program crash
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47278.exe
        6⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41922.exe
        7⤵
        
        PID:9240
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 244
        6⤵
        Program crash
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25299.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61736.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63661.exe
        6⤵
        
        PID:4892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 244
        6⤵
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        5⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5746.exe
        6⤵
        
        PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14814.exe
        5⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
        5⤵
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22589.exe
        5⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9396.exe
        5⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        5⤵
        
        PID:9192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40663.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8178.exe
        5⤵
        
        PID:560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 224
        6⤵
        Program crash
        
        PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        5⤵
        
        PID:2744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 220
        6⤵
        Program crash
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55087.exe
        5⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65218.exe
        5⤵
        
        PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36542.exe
        5⤵
        
        PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        5⤵
        
        PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49868.exe
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
        5⤵
        
        PID:8572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6324.exe
      4⤵
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        5⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38934.exe
        6⤵
        
        PID:4248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 228
        6⤵
        Program crash
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48560.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
        5⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        5⤵
        
        PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9999.exe
        5⤵
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42942.exe
        5⤵
        
        PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
        5⤵
        
        PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43858.exe
      4⤵
      PID:2560
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 224
        5⤵
        Program crash
        
        PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
      4⤵
      PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8676.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39735.exe
      4⤵
      PID:7616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
      4⤵
      PID:7876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32971.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39917.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24899.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 220
        6⤵
        Program crash
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10853.exe
        5⤵
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50802.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50854.exe
        6⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        6⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe
        6⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
        6⤵
        
        PID:8616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 236
        6⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13286.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54481.exe
        5⤵
        
        PID:5112
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
        5⤵
        
        PID:6336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11943.exe
        5⤵
        
        PID:2280
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 224
        6⤵
        Program crash
        
        PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20739.exe
        5⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46909.exe
        5⤵
        
        PID:5596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 188
        6⤵
        Program crash
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
        5⤵
        
        PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36423.exe
        5⤵
        
        PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3830.exe
        5⤵
        
        PID:7560
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 244
        5⤵
        
        PID:8988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30701.exe
      4⤵
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10013.exe
        5⤵
        
        PID:5012
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 228
        5⤵
        
        PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32364.exe
      4⤵
      PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56553.exe
      4⤵
      PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
      4⤵
      PID:6956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
      4⤵
      PID:7836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23485.exe
      4⤵
      PID:8396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
      4⤵
      PID:8268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27400.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
      4⤵
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24580.exe
        5⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25192.exe
        6⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        6⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24952.exe
        6⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16271.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3440
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
        5⤵
        Program crash
        
        PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63043.exe
      4⤵
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54746.exe
        5⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36406.exe
        5⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
        5⤵
        
        PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2606.exe
        5⤵
        
        PID:7756
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 224
        5⤵
        
        PID:8340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
      4⤵
      PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25146.exe
      4⤵
      PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4045.exe
      4⤵
      PID:7920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16427.exe
      4⤵
      PID:8432
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
      4⤵
      PID:8632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
    3⤵
    PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64927.exe
      4⤵
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3464.exe
        5⤵
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21113.exe
        5⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27090.exe
        5⤵
        
        PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        5⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
        5⤵
        
        PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37075.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63245.exe
      4⤵
      PID:5564
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 228
      4⤵
      PID:6860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
    3⤵
    PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8861.exe
      4⤵
      PID:4544
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 228
      4⤵
      PID:6384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52817.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52817.exe
    3⤵
    PID:3580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35552.exe
    3⤵
    PID:5724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10207.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10207.exe
    3⤵
    PID:6964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe
    3⤵
    PID:7784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65003.exe
    3⤵
    PID:8296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
    3⤵
    PID:8868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34538.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34538.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54203.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38910.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60612.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        6⤵
        Program crash
        
        PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46450.exe
        5⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        6⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34087.exe
        7⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47303.exe
        8⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7043.exe
        8⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 228
        7⤵
        Program crash
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
        6⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        7⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18164.exe
        7⤵
        
        PID:8748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
        6⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
        6⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
        6⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23352.exe
        6⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
        6⤵
        
        PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1371.exe
        5⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10350.exe
        6⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
        7⤵
        
        PID:8392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 216
        6⤵
        Program crash
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13785.exe
        5⤵
        
        PID:3872
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
        5⤵
        Program crash
        
        PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57275.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
        5⤵
        Program crash
        
        PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45144.exe
      4⤵
      PID:2612
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 224
        5⤵
        Program crash
        
        PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
      4⤵
      PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11994.exe
        5⤵
        
        PID:8512
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 220
      4⤵
      Program crash
      PID:4840
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 248
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2452
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 220
      4⤵
      Program crash
      PID:1140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8458.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1372
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 244
      4⤵
      Program crash
      PID:2544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57126.exe
    3⤵
    PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41913.exe
      4⤵
      PID:5268
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 216
      4⤵
      PID:6636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
    3⤵
    PID:3740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
    3⤵
    PID:5248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
    3⤵
    PID:6556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14286.exe
    3⤵
    PID:7304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17346.exe
    3⤵
    PID:8852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38233.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9572
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21811.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21811.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28324.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39790.exe
      4⤵
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        5⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48424.exe
        6⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3879.exe
        5⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4065.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30725.exe
        5⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30396.exe
        5⤵
        
        PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1443.exe
        5⤵
        
        PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
      4⤵
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5741.exe
        5⤵
        
        PID:9344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exe
      4⤵
      PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
      4⤵
      PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
      4⤵
      PID:7176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13861.exe
      4⤵
      PID:7740
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
      4⤵
      PID:9164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57833.exe
    3⤵
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe
      4⤵
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        5⤵
        
        PID:9372
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 228
      4⤵
      Program crash
      PID:4940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41553.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41553.exe
    3⤵
    PID:3920
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
    3⤵
    - Program crash
    PID:4992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16070.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16070.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2844
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 220
    3⤵
    - Program crash
    PID:2120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
  2⤵
  PID:2004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
    3⤵
    PID:5580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12446.exe
    3⤵
    PID:6832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
    3⤵
    PID:7404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48033.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48033.exe
    3⤵
    PID:9616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
  2⤵
  PID:3520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18925.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18925.exe
  2⤵
  PID:5920
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3079.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3079.exe
  2⤵
  PID:7152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16786.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16786.exe
  2⤵
  PID:8020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13554.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13554.exe
  2⤵
  PID:8516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7621.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7621.exe
  2⤵
  PID:9420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1110.exe

Filesize
468KB

MD5
9f9fe192033edab1c7ba5b34dc4e0fd4

SHA1
afd71a3f7643fd2eb7c80ac6501b83adb56eacd2

SHA256
f5b38ea986b940ab6403a7d258bd291e240cc8ee03a9d7939355e7109c11d7b6

SHA512
fbab56a7dbbe3e308d008f08d612b11264f3b21a259f280ef86670e7f2834f50157018afb83ab867f153a012b28e08ca77b124de6be4109487bb5d2ed342fccd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe

Filesize
468KB

MD5
766e2809b9f2ed0b2692e792f8dfff13

SHA1
44d1e28aaa18779fbe1d35221aa3fbf0b66fd8bc

SHA256
92df689640611320bab0c0fb1b658843b954a19649d8afe1ad6ba66abf6b130b

SHA512
75188b7117f413c0dff9efc4836f179d84514b6da16e15eacec090402f8d0f7cdc7635398d9ac47bbc27bf46734f724f7d4c02af12e7428c1f5d76a8d0fc8df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18490.exe

Filesize
468KB

MD5
cdc66b12e22dd4cbcf9a004ea8e0837c

SHA1
ad8f8e11a81c619edd075675fcfecfa34ef2116f

SHA256
0ee200feecc297a2bb500382944e6b0ce5d758430564631b47d7f059ad604652

SHA512
ca34cc66712f17c32d923128a3f3d20d8fee994e39628bf664d467ac4d5eb0897844acec249d494c9d1b67d0b667514d069eb12192cf134f15af4e3784a3227c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe

Filesize
468KB

MD5
9810bb729c6d9355cad0e60a1e69b4c3

SHA1
002292f9f57e47079591996fe8fcbeb7b9b52766

SHA256
63a07ae7da9b0403a1b39e625f7ce361915723b45c7fa080f17e30605d597336

SHA512
085530ecd7ce5b17b428a316323213c770546865321146cb330e81a91d728e394c05a38fefa4913f06fadac94e7f9f4149874ce249fe713275cfd36d38ab9669

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36585.exe

Filesize
468KB

MD5
f01ba33d5234a53eeee9e1eb06415853

SHA1
056d9bd43aa58f8bd8e49599f2698912342bb6cd

SHA256
0ba91591bd7cf5cb8a725c7bc6f2872a61d5e635bdd7d269df92ed9c143264d3

SHA512
e9cece308cce18dc341bdaaff53b265c9ec90a44e9a2d2ea4ca015aceef4e261b9d775fa2e93929f48a481c2899c8f12e2899a6de502ae1e135afa3fa4c7cda7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54203.exe

Filesize
468KB

MD5
692a000adf94b0b45315061db59904c6

SHA1
045ea585884c7f4c6fdd4f9de3c8917e2f2f0d17

SHA256
7997c6eaed340f98839810618deb9a54b59a2c7d23fa166ed9151024e86eb4d1

SHA512
19d28b9af9a60f2073b852ce7e59123c8f812ade37ee88698f195229a0d6c9b97d9c7287404a10505fd038665359a1bcc7d282f255e6e726dc892b07ab226c4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57882.exe

Filesize
468KB

MD5
e8b49d0d78cf81f3f4ef64f787bf9227

SHA1
77d52bf28d767668a5bca8bd8cb6f182d78940ea

SHA256
d08c4bae7c8eb550fe7ff255c443dc1262067802e93071219924c88142a068c0

SHA512
77a2cd139c5e95a3da25265b3db73cfc558464caf4235e3fb263c3f57b4455cef0644cc0d8acf06a6cc801e917f0d515de1ba150450139e403e33cc016ea9c0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60293.exe

Filesize
468KB

MD5
f828b442ab26d2e0db96b6dc4b8d1402

SHA1
04c99648866d2e2a8bdf2baec3e3da034c55043b

SHA256
41c95a7c4ba40643e25c1f7c5ff5e7564ceffb106db5c05fa7a332368b4d7c86

SHA512
d9082e2894830817cbd1885e2e67c039b3046cd643c962f136e92a1323c8e237e5f02688fb56e2efa2c543cf47224d3665d31bc151dc92b054f90b085444f5cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe

Filesize
468KB

MD5
0457a61d80e461a326058968e7f0dd36

SHA1
3c0aeaf93d9edafe7fa73b0fbe4569bb555961d2

SHA256
6747dc0993d37a4e4f018f5791794b6d28137fbd47ef29865427121259d664dc

SHA512
7454ec4b14b541fede5d7ec5887bc50c1b22dee4d9f83a84701ba5849d7e13bfdb69c4da4ed544935fdeff223333bc94fd7a73e21d475a7d34d10d8d88742a72

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe

Filesize
468KB

MD5
3320b4b5f50bc641b8f7e0b40f4e46b8

SHA1
439484d91da48085a22dce10a0b2bcbbd2a5bdf5

SHA256
4e07b3bfb53ee74e5d3d8ef1ddf7e0eb79635eae0b30cb98403f2a6240d4efe1

SHA512
55740030d6a5481c062a4991a4dfe2bf7cbb1a6e8b0c19a886c40547b73f03d5ab2f7bce12631ca5c86a136a966bd99067d487a1cdf110f5ec6c6691768ffeea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe

Filesize
468KB

MD5
8696f4dbb27f540c3e8ce43baf229262

SHA1
e57fc74761ac8ff2f3b9925cc720eda611ed80ea

SHA256
2a51b8b4db196f7e0d611981a1677e668143077acca0087259c4ece7d073f19c

SHA512
c247b1a593ebc174367ba2e408a173c2650067594e266e93bf335c511952f9f3316566d5008a5a636b32eefdac62dbca7f3287ef7c291fa29c323faa31a935b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe

Filesize
468KB

MD5
737fd6e24ac24a0a9b2e70bb142458e5

SHA1
7a279d2d6499ff4041d56ff0290982a654a1fbcf

SHA256
73213f5419c85004926f84347c3df1e92fc75a97ccbcccf6a9ca5faa1e82ad6b

SHA512
28b8cd69451762aa162fa14dfc27e477f9c16246a3a6fc11ce7dc75c9486e7ca94517694513b584ae3617bcf9b6b39492f41179d0c3763eae51b4a0e0c628263

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34538.exe

Filesize
468KB

MD5
8debb45e72c2386a59f1959ec3fcb58c

SHA1
9564220bfeb2b13386b18b291977497a26ea82f5

SHA256
3e658c9b32d80042a383e02f674f1b614678e6e7bba398f3a06d531ddda291df

SHA512
adc9ae5fe10d198c2ab52422efca0777b17726c7fd440889fc037214a9db29414fcd1646152da98f5bfcdd09c591985e01c37efbd65ffc113e190f38e610f72b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36715.exe

Filesize
468KB

MD5
49ac9ae00068e71ab1699834cdfe200e

SHA1
18f1248e8c46dd42caf294d6611fb3fa563344b1

SHA256
3649fccbf8c7172be010a179ad81572fcdbe00b02332c450c5fde2983dfb7340

SHA512
c787613866acb869c954fed116ea429a762355bc0673aca6975ea441831412c6480be51f1a9bd5bbd52399d25bfb70a03c042055f8b5388597aa4e0272fb5ebe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe

Filesize
468KB

MD5
f1d137a62204bfbffff89afd5a10a100

SHA1
bd4dca6bf65eb7b2951b80f6324243938b851a06

SHA256
1bf179608c10801183466f3ce0531724ac29376f232c24ad88e091e8917fefe3

SHA512
e4e84770492502ecd0a55ca31a6e9487c48125a3b52c2086339fb0b14a84f2a60aef9f0637a266e42d0fbbec2cccfafbb4855c593a5332dc63eeab7bf708f6d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe

Filesize
468KB

MD5
57b3822b0b02356a2c0145f44a03e560

SHA1
ecf992f2a88bb1551e46049352fdd68c32c5f454

SHA256
9eb872f20928ee5da307bdc349788c77a647cb4ecec97fda16bf3094e8c54802

SHA512
2c6d952bf77dd916d894c916b9beda82805c6d7dbc4830070b41ce899fac7266d9b95ad6fd22b560248ce3acc7e7c7b2f639ec8cb8eea4e79c895016f04b5fac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55993.exe

Filesize
468KB

MD5
1631d1e27cba0a7a4a551e355ace6349

SHA1
ea38f4c22029ddb2c501d09451e4b42b531f06bd

SHA256
ca8c9ba5cacc6f773a67253c684ae186a6df134156069dd480820df063dcdc23

SHA512
af369e1e2c9e559de6fcbd65c52f3f2d82c3a380488ce628e01e4ecadc730f8b6a1c0cbbb52b0eac89b696c63aee106a48dcb2b2a739af3f798e5380ee4a8546

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe

Filesize
468KB

MD5
0589ab1029ceeebee0fbf52307e066d6

SHA1
a47695ec58fd07df9d9313c4c4a509d55c330863

SHA256
2aa1acfe8ebe557a6d5366665cfef5ea99adbd20c5e947fa58b1fb5032f40a08

SHA512
bdcc4182adc17f0d86d8b3df18d981bef1ddf25d5db584e3c0172d1efa5355ce7b88fe875271dd313846d2c39efe0daef7f0f2d8ff5a753a86df5eb67cc01d97

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58520.exe

Filesize
468KB

MD5
1aca5309820bf7256b496745b7d7075c

SHA1
54c75276e9abbf3d609132259bebd3e9bff967c6

SHA256
f2f84490d4f4789e0f78035c48ff2e189a52d6c12fae54d0cda4280ca8af59f1

SHA512
ee444b4d7c6e61273f6fef27ad908f017050dc8aad91a18fc30dccbed62e250cbc478481a2cedc94a4db32b17509dfad1b3415d4963d509c7e376c07a2bd72c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-845.exe

Filesize
468KB

MD5
ab816fdd2420c832bdb447252347f47b

SHA1
415e43bf200858e05e03fbc7dfdf0f0f9ddd6e1a

SHA256
424779fd45a5019576529ce5ace4b04fd28be7eceb2ea0205e0171a2f13ab185

SHA512
f09fb826f0c99b6d397572fd964f743b55605ac90d24717b795ae8b37897c35c9917231682f1f39ebf73b3b5a36a5d4153be6c77887ccd8cc1adb303f90523a4

Download Submit