983bf23f52530b3ed05411a26e019b845e03cafed474f2b458c0fbde40244979

Analysis

max time kernel
119s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-09-2024 07:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75df69ebe53f3f9176817702f6b58010N.exe
Size

468KB
MD5

75df69ebe53f3f9176817702f6b58010
SHA1

a1e2e65c5369de4d5b28a472bc03a4eb17209be5
SHA256

983bf23f52530b3ed05411a26e019b845e03cafed474f2b458c0fbde40244979
SHA512

72d392edf74156125c37c78c107ada82c81979d57e02bd65f671b7b1643f6987a6cefc0819b3199bb5923156850988b7117d12cb7d7798fb478321ecbf5f612f
SSDEEP

3072:1G3HogISIE5TtbY2HncOcf8/vChaP0p2bVHeTVPMQ7bL1AvgEElb:1G3obMTtxHcOcfSY5KQ7/qvgE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2116	Unicorn-64100.exe
2152	Unicorn-58475.exe
2672	Unicorn-6129.exe
2800	Unicorn-61137.exe
2772	Unicorn-56498.exe
2796	Unicorn-42200.exe
2776	Unicorn-15273.exe
2176	Unicorn-37131.exe
692	Unicorn-55076.exe
264	Unicorn-61900.exe
2400	Unicorn-17722.exe
2836	Unicorn-28481.exe
3012	Unicorn-6206.exe
2872	Unicorn-9191.exe
3024	Unicorn-12336.exe
1952	Unicorn-27251.exe
2336	Unicorn-2477.exe
1668	Unicorn-58312.exe
1148	Unicorn-7035.exe
2060	Unicorn-32848.exe
1968	Unicorn-32848.exe
1576	Unicorn-32848.exe
748	Unicorn-55276.exe
532	Unicorn-9604.exe
2408	Unicorn-9339.exe
768	Unicorn-46427.exe
1236	Unicorn-32691.exe
892	Unicorn-52557.exe
1672	Unicorn-30090.exe
2944	Unicorn-36221.exe
2444	Unicorn-211.exe
1320	Unicorn-46226.exe
2300	Unicorn-34912.exe
1220	Unicorn-16927.exe
1564	Unicorn-6837.exe
2928	Unicorn-7990.exe
2616	Unicorn-49053.exe
2768	Unicorn-55484.exe
2680	Unicorn-11498.exe
2936	Unicorn-55868.exe
2532	Unicorn-55868.exe
2364	Unicorn-35706.exe
2788	Unicorn-21970.exe
2596	Unicorn-41836.exe
2192	Unicorn-46392.exe
3040	Unicorn-720.exe
2404	Unicorn-40335.exe
2392	Unicorn-60201.exe
1760	Unicorn-52334.exe
2384	Unicorn-52069.exe
2824	Unicorn-32468.exe
2592	Unicorn-10616.exe
2888	Unicorn-21966.exe
3016	Unicorn-56868.exe
1248	Unicorn-3907.exe
2492	Unicorn-45510.exe
1080	Unicorn-5053.exe
1252	Unicorn-37461.exe
1188	Unicorn-17113.exe
1584	Unicorn-30848.exe
1348	Unicorn-3538.exe
1012	Unicorn-61711.exe
1620	Unicorn-23824.exe
1524	Unicorn-26813.exe

Loads dropped DLL 64 IoCs

pid	Process
468	75df69ebe53f3f9176817702f6b58010N.exe
468	75df69ebe53f3f9176817702f6b58010N.exe
2116	Unicorn-64100.exe
2116	Unicorn-64100.exe
468	75df69ebe53f3f9176817702f6b58010N.exe
468	75df69ebe53f3f9176817702f6b58010N.exe
2672	Unicorn-6129.exe
2116	Unicorn-64100.exe
2152	Unicorn-58475.exe
2116	Unicorn-64100.exe
2152	Unicorn-58475.exe
2672	Unicorn-6129.exe
468	75df69ebe53f3f9176817702f6b58010N.exe
468	75df69ebe53f3f9176817702f6b58010N.exe
468	75df69ebe53f3f9176817702f6b58010N.exe
2796	Unicorn-42200.exe
468	75df69ebe53f3f9176817702f6b58010N.exe
2796	Unicorn-42200.exe
2772	Unicorn-56498.exe
2772	Unicorn-56498.exe
2152	Unicorn-58475.exe
2152	Unicorn-58475.exe
2800	Unicorn-61137.exe
2800	Unicorn-61137.exe
2116	Unicorn-64100.exe
2116	Unicorn-64100.exe
2672	Unicorn-6129.exe
2672	Unicorn-6129.exe
2776	Unicorn-15273.exe
2776	Unicorn-15273.exe
2176	Unicorn-37131.exe
2176	Unicorn-37131.exe
468	75df69ebe53f3f9176817702f6b58010N.exe
468	75df69ebe53f3f9176817702f6b58010N.exe
692	Unicorn-55076.exe
692	Unicorn-55076.exe
2796	Unicorn-42200.exe
2796	Unicorn-42200.exe
3012	Unicorn-6206.exe
264	Unicorn-61900.exe
3012	Unicorn-6206.exe
264	Unicorn-61900.exe
2836	Unicorn-28481.exe
2836	Unicorn-28481.exe
2772	Unicorn-56498.exe
2772	Unicorn-56498.exe
2872	Unicorn-9191.exe
2872	Unicorn-9191.exe
2116	Unicorn-64100.exe
2116	Unicorn-64100.exe
2672	Unicorn-6129.exe
2672	Unicorn-6129.exe
2800	Unicorn-61137.exe
2400	Unicorn-17722.exe
2800	Unicorn-61137.exe
2400	Unicorn-17722.exe
2152	Unicorn-58475.exe
3024	Unicorn-12336.exe
3024	Unicorn-12336.exe
2152	Unicorn-58475.exe
2776	Unicorn-15273.exe
2776	Unicorn-15273.exe
1952	Unicorn-27251.exe
1952	Unicorn-27251.exe

Program crash 50 IoCs

pid	pid_target	Process	procid_target
2016	748	WerFault.exe	52
2468	2300	WerFault.exe	62
2632	2336	WerFault.exe	46
2764	1564	WerFault.exe	64
2720	2408	WerFault.exe	54
2668	1220	WerFault.exe	63
1984	3040	WerFault.exe	75
2540	2060	WerFault.exe	49
2644	2928	WerFault.exe	65
2324	1968	WerFault.exe	50
2880	2768	WerFault.exe	67
1516	2824	WerFault.exe	80
1816	1760	WerFault.exe	78
3092	1752	WerFault.exe	118
3108	2888	WerFault.exe	82
3528	2492	WerFault.exe	86
3508	2680	WerFault.exe	68
3632	2592	WerFault.exe	81
3624	1320	WerFault.exe	61
3612	532	WerFault.exe	53
3576	2392	WerFault.exe	77
3556	2872	WerFault.exe	43
3704	1672	WerFault.exe	58
3296	3008	WerFault.exe	116
548	1824	WerFault.exe	110
3988	1252	WerFault.exe	88
3316	888	WerFault.exe	124
3496	1080	WerFault.exe	87
3360	2092	WerFault.exe	114
3932	1524	WerFault.exe	94
4208	1236	WerFault.exe	56
4616	2548	WerFault.exe	105
4108	1188	WerFault.exe	89
4404	1012	WerFault.exe	92
4384	2472	WerFault.exe	98
4432	1484	WerFault.exe	149
4728	2596	WerFault.exe	73
4496	2384	WerFault.exe	79
5448	1576	WerFault.exe	51
5672	1348	WerFault.exe	91
5680	768	WerFault.exe	55
5736	1620	WerFault.exe	93
5744	1404	WerFault.exe	109
5388	4248	WerFault.exe	358
5328	2812	WerFault.exe	107
5720	2292	WerFault.exe	115
5700	3012	WerFault.exe	42
6052	2836	WerFault.exe	41
6172	2340	WerFault.exe	132
6416	2532	WerFault.exe	70

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54270.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35789.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7779.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40175.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17064.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
468	75df69ebe53f3f9176817702f6b58010N.exe
2116	Unicorn-64100.exe
2152	Unicorn-58475.exe
2672	Unicorn-6129.exe
2796	Unicorn-42200.exe
2772	Unicorn-56498.exe
2800	Unicorn-61137.exe
2776	Unicorn-15273.exe
2176	Unicorn-37131.exe
692	Unicorn-55076.exe
264	Unicorn-61900.exe
2400	Unicorn-17722.exe
2836	Unicorn-28481.exe
2872	Unicorn-9191.exe
3024	Unicorn-12336.exe
3012	Unicorn-6206.exe
1952	Unicorn-27251.exe
2336	Unicorn-2477.exe
1668	Unicorn-58312.exe
1148	Unicorn-7035.exe
2060	Unicorn-32848.exe
1968	Unicorn-32848.exe
1576	Unicorn-32848.exe
2408	Unicorn-9339.exe
1236	Unicorn-32691.exe
768	Unicorn-46427.exe
2944	Unicorn-36221.exe
892	Unicorn-52557.exe
532	Unicorn-9604.exe
748	Unicorn-55276.exe
1672	Unicorn-30090.exe
2444	Unicorn-211.exe
1320	Unicorn-46226.exe
2300	Unicorn-34912.exe
1220	Unicorn-16927.exe
1564	Unicorn-6837.exe
2928	Unicorn-7990.exe
2616	Unicorn-49053.exe
2680	Unicorn-11498.exe
2768	Unicorn-55484.exe
2936	Unicorn-55868.exe
2532	Unicorn-55868.exe
2364	Unicorn-35706.exe
2596	Unicorn-41836.exe
2788	Unicorn-21970.exe
2192	Unicorn-46392.exe
3040	Unicorn-720.exe
2824	Unicorn-32468.exe
1760	Unicorn-52334.exe
2392	Unicorn-60201.exe
2384	Unicorn-52069.exe
2592	Unicorn-10616.exe
2404	Unicorn-40335.exe
2888	Unicorn-21966.exe
3016	Unicorn-56868.exe
1248	Unicorn-3907.exe
2492	Unicorn-45510.exe
1080	Unicorn-5053.exe
1252	Unicorn-37461.exe
1188	Unicorn-17113.exe
1584	Unicorn-30848.exe
1348	Unicorn-3538.exe
1012	Unicorn-61711.exe
1620	Unicorn-23824.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 468 wrote to memory of 2116	468	75df69ebe53f3f9176817702f6b58010N.exe	30
PID 468 wrote to memory of 2116	468	75df69ebe53f3f9176817702f6b58010N.exe	30
PID 468 wrote to memory of 2116	468	75df69ebe53f3f9176817702f6b58010N.exe	30
PID 468 wrote to memory of 2116	468	75df69ebe53f3f9176817702f6b58010N.exe	30
PID 2116 wrote to memory of 2152	2116	Unicorn-64100.exe	31
PID 2116 wrote to memory of 2152	2116	Unicorn-64100.exe	31
PID 2116 wrote to memory of 2152	2116	Unicorn-64100.exe	31
PID 2116 wrote to memory of 2152	2116	Unicorn-64100.exe	31
PID 468 wrote to memory of 2672	468	75df69ebe53f3f9176817702f6b58010N.exe	32
PID 468 wrote to memory of 2672	468	75df69ebe53f3f9176817702f6b58010N.exe	32
PID 468 wrote to memory of 2672	468	75df69ebe53f3f9176817702f6b58010N.exe	32
PID 468 wrote to memory of 2672	468	75df69ebe53f3f9176817702f6b58010N.exe	32
PID 2116 wrote to memory of 2800	2116	Unicorn-64100.exe	34
PID 2116 wrote to memory of 2800	2116	Unicorn-64100.exe	34
PID 2116 wrote to memory of 2800	2116	Unicorn-64100.exe	34
PID 2116 wrote to memory of 2800	2116	Unicorn-64100.exe	34
PID 2152 wrote to memory of 2772	2152	Unicorn-58475.exe	35
PID 2152 wrote to memory of 2772	2152	Unicorn-58475.exe	35
PID 2152 wrote to memory of 2772	2152	Unicorn-58475.exe	35
PID 2152 wrote to memory of 2772	2152	Unicorn-58475.exe	35
PID 2672 wrote to memory of 2776	2672	Unicorn-6129.exe	33
PID 2672 wrote to memory of 2776	2672	Unicorn-6129.exe	33
PID 2672 wrote to memory of 2776	2672	Unicorn-6129.exe	33
PID 2672 wrote to memory of 2776	2672	Unicorn-6129.exe	33
PID 468 wrote to memory of 2796	468	75df69ebe53f3f9176817702f6b58010N.exe	36
PID 468 wrote to memory of 2796	468	75df69ebe53f3f9176817702f6b58010N.exe	36
PID 468 wrote to memory of 2796	468	75df69ebe53f3f9176817702f6b58010N.exe	36
PID 468 wrote to memory of 2796	468	75df69ebe53f3f9176817702f6b58010N.exe	36
PID 468 wrote to memory of 2176	468	75df69ebe53f3f9176817702f6b58010N.exe	37
PID 468 wrote to memory of 2176	468	75df69ebe53f3f9176817702f6b58010N.exe	37
PID 468 wrote to memory of 2176	468	75df69ebe53f3f9176817702f6b58010N.exe	37
PID 468 wrote to memory of 2176	468	75df69ebe53f3f9176817702f6b58010N.exe	37
PID 2796 wrote to memory of 692	2796	Unicorn-42200.exe	38
PID 2796 wrote to memory of 692	2796	Unicorn-42200.exe	38
PID 2796 wrote to memory of 692	2796	Unicorn-42200.exe	38
PID 2796 wrote to memory of 692	2796	Unicorn-42200.exe	38
PID 2772 wrote to memory of 264	2772	Unicorn-56498.exe	39
PID 2772 wrote to memory of 264	2772	Unicorn-56498.exe	39
PID 2772 wrote to memory of 264	2772	Unicorn-56498.exe	39
PID 2772 wrote to memory of 264	2772	Unicorn-56498.exe	39
PID 2152 wrote to memory of 2400	2152	Unicorn-58475.exe	40
PID 2152 wrote to memory of 2400	2152	Unicorn-58475.exe	40
PID 2152 wrote to memory of 2400	2152	Unicorn-58475.exe	40
PID 2152 wrote to memory of 2400	2152	Unicorn-58475.exe	40
PID 2800 wrote to memory of 2836	2800	Unicorn-61137.exe	41
PID 2800 wrote to memory of 2836	2800	Unicorn-61137.exe	41
PID 2800 wrote to memory of 2836	2800	Unicorn-61137.exe	41
PID 2800 wrote to memory of 2836	2800	Unicorn-61137.exe	41
PID 2116 wrote to memory of 3012	2116	Unicorn-64100.exe	42
PID 2116 wrote to memory of 3012	2116	Unicorn-64100.exe	42
PID 2116 wrote to memory of 3012	2116	Unicorn-64100.exe	42
PID 2116 wrote to memory of 3012	2116	Unicorn-64100.exe	42
PID 2672 wrote to memory of 2872	2672	Unicorn-6129.exe	43
PID 2672 wrote to memory of 2872	2672	Unicorn-6129.exe	43
PID 2672 wrote to memory of 2872	2672	Unicorn-6129.exe	43
PID 2672 wrote to memory of 2872	2672	Unicorn-6129.exe	43
PID 2776 wrote to memory of 3024	2776	Unicorn-15273.exe	44
PID 2776 wrote to memory of 3024	2776	Unicorn-15273.exe	44
PID 2776 wrote to memory of 3024	2776	Unicorn-15273.exe	44
PID 2776 wrote to memory of 3024	2776	Unicorn-15273.exe	44
PID 2176 wrote to memory of 1952	2176	Unicorn-37131.exe	45
PID 2176 wrote to memory of 1952	2176	Unicorn-37131.exe	45
PID 2176 wrote to memory of 1952	2176	Unicorn-37131.exe	45
PID 2176 wrote to memory of 1952	2176	Unicorn-37131.exe	45

C:\Users\Admin\AppData\Local\Temp\75df69ebe53f3f9176817702f6b58010N.exe
"C:\Users\Admin\AppData\Local\Temp\75df69ebe53f3f9176817702f6b58010N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64100.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64100.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58475.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56498.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5053.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
        8⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 228
        8⤵
        Program crash
        
        PID:3496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
        7⤵
        Program crash
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        7⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
        7⤵
        
        PID:3304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 240
        7⤵
        Program crash
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2167.exe
        6⤵
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe
        6⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13465.exe
        6⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44091.exe
        6⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64497.exe
        6⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21680.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 240
        6⤵
        Program crash
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49138.exe
        6⤵
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41361.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7713.exe
        6⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        6⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7257.exe
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8530.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
        5⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29624.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63043.exe
        6⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53992.exe
        6⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
        6⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62467.exe
        5⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61157.exe
        5⤵
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24326.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
        5⤵
        
        PID:5752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17722.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52557.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3538.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        7⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe
        7⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 248
        7⤵
        Program crash
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54270.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        6⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57107.exe
        6⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57729.exe
        6⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
        6⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40012.exe
        6⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61711.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35789.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
        6⤵
        
        PID:3428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 244
        6⤵
        Program crash
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        5⤵
        
        PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        5⤵
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36511.exe
        5⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16772.exe
        5⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44674.exe
        5⤵
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18481.exe
        5⤵
        
        PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18967.exe
        6⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        7⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22353.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37906.exe
        7⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32866.exe
        7⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2172.exe
        7⤵
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
        7⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57464.exe
        7⤵
        
        PID:5932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
        6⤵
        Program crash
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
        5⤵
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32086.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 216
        6⤵
        Program crash
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49692.exe
        5⤵
        
        PID:2964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
        5⤵
        Program crash
        
        PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52069.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60191.exe
        5⤵
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64881.exe
        6⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
        6⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31790.exe
        6⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        6⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
        5⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
        5⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        5⤵
        
        PID:4148
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 224
        5⤵
        Program crash
        
        PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29169.exe
      4⤵
      PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55696.exe
        5⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45720.exe
        5⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16165.exe
        5⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
        5⤵
        
        PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13657.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51805.exe
      4⤵
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7779.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
      4⤵
      PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63093.exe
      4⤵
      PID:5332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61137.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-720.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 220
        7⤵
        Program crash
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
        6⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        7⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 236
        7⤵
        Program crash
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63509.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        6⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58733.exe
        6⤵
        
        PID:5016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 248
        6⤵
        Program crash
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40335.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
        6⤵
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8040.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26758.exe
        6⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43008.exe
        5⤵
        
        PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        5⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43707.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
        5⤵
        
        PID:5692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 228
        5⤵
        Program crash
        
        PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10616.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
        6⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54601.exe
        7⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23459.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 244
        7⤵
        Program crash
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2132.exe
        6⤵
        
        PID:1156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        6⤵
        Program crash
        
        PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        5⤵
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39232.exe
        6⤵
        
        PID:2568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 236
        6⤵
        Program crash
        
        PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
        5⤵
        
        PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
        5⤵
        
        PID:3744
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 244
        5⤵
        Program crash
        
        PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56868.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41411.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        6⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8896.exe
        6⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9417.exe
        6⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        5⤵
        
        PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14989.exe
        5⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32533.exe
        5⤵
        
        PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
      4⤵
      PID:616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41740.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        5⤵
        
        PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60709.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48273.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35828.exe
      4⤵
      PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41373.exe
      4⤵
      PID:5840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30218.exe
        6⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
        6⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23655.exe
        6⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        6⤵
        
        PID:5500
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
        5⤵
        Program crash
        
        PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36424.exe
        5⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36489.exe
        6⤵
        
        PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7096.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50780.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
        5⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
        5⤵
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
        5⤵
        
        PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
      4⤵
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
        5⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30540.exe
        5⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46944.exe
        5⤵
        
        PID:6100
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 228
        5⤵
        Program crash
        
        PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33563.exe
      4⤵
      PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45857.exe
      4⤵
      PID:5656
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 248
      4⤵
      Program crash
      PID:5700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9339.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21966.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26813.exe
        5⤵
        Executes dropped EXE
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3588
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 216
        6⤵
        Program crash
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40175.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16008.exe
        6⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5346.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63249.exe
        6⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22569.exe
        6⤵
        
        PID:6536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 220
        5⤵
        Program crash
        
        PID:3108
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
      4⤵
      Program crash
      PID:2720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3907.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
      4⤵
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64205.exe
        5⤵
        
        PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6188.exe
      4⤵
      PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43733.exe
      4⤵
      PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27090.exe
      4⤵
      PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
      4⤵
      PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
      4⤵
      PID:5836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23672.exe
    3⤵
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30957.exe
      4⤵
      PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
      4⤵
      PID:6468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52827.exe
    3⤵
    PID:3656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33907.exe
    3⤵
    PID:4640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50191.exe
    3⤵
    PID:5844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42202.exe
    3⤵
    PID:5944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36221.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55484.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23824.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
        8⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13759.exe
        8⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 228
        8⤵
        Program crash
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
        7⤵
        Program crash
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        6⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1051.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9899.exe
        7⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37644.exe
        7⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56202.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21238.exe
        6⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61291.exe
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26476.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20252.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51153.exe
        6⤵
        
        PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5469.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2868
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
        6⤵
        Program crash
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
        5⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32185.exe
        6⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
        5⤵
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64809.exe
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42197.exe
        5⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24730.exe
        5⤵
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
        5⤵
        
        PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-211.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43897.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38073.exe
        7⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 228
        7⤵
        Program crash
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64091.exe
        6⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51677.exe
        6⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36250.exe
        6⤵
        
        PID:5608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 228
        6⤵
        Program crash
        
        PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56138.exe
        5⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
        6⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8148.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31842.exe
        6⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7306.exe
        6⤵
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47365.exe
        5⤵
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41954.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35105.exe
        5⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
        5⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2702.exe
        5⤵
        
        PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35706.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        5⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30008.exe
        6⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37195.exe
        6⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37656.exe
        6⤵
        
        PID:5724
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 224
        6⤵
        Program crash
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61530.exe
        5⤵
        
        PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61584.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
        5⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        5⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
        5⤵
        
        PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1752
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 244
        5⤵
        Program crash
        
        PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
      4⤵
      PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34739.exe
      4⤵
      PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
      4⤵
      PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28996.exe
      4⤵
      PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59084.exe
      4⤵
      PID:5572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9191.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9604.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41058.exe
        5⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        6⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2058.exe
        6⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
        6⤵
        
        PID:5228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 248
        6⤵
        Program crash
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51141.exe
        5⤵
        
        PID:2664
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 220
        5⤵
        Program crash
        
        PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21192.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60.exe
        5⤵
        
        PID:3388
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 248
        5⤵
        Program crash
        
        PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64876.exe
      4⤵
      PID:1764
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
      4⤵
      Program crash
      PID:3556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45510.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        5⤵
        
        PID:1532
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 216
        5⤵
        Program crash
        
        PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29272.exe
      4⤵
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52825.exe
        5⤵
        
        PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
      4⤵
      PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13578.exe
      4⤵
      PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
      4⤵
      PID:4596
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 248
      4⤵
      Program crash
      PID:5680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37461.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14042.exe
      4⤵
      PID:2056
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 216
      4⤵
      Program crash
      PID:3988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64904.exe
    3⤵
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41688.exe
      4⤵
      PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59555.exe
      4⤵
      PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27691.exe
      4⤵
      PID:6048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9057.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9057.exe
    3⤵
    PID:3812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22163.exe
    3⤵
    PID:4328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14930.exe
    3⤵
    PID:4916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29463.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29463.exe
    3⤵
    PID:5824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20545.exe
    3⤵
    PID:5688
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42200.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42200.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55076.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58312.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41836.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37649.exe
        6⤵
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        6⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
        6⤵
        
        PID:4820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 248
        6⤵
        Program crash
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59703.exe
        5⤵
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
        6⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36548.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
        5⤵
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17532.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18743.exe
        5⤵
        
        PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        5⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27067.exe
        5⤵
        
        PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46392.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        5⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5119.exe
        6⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59899.exe
        6⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        6⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
        6⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22595.exe
        6⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49774.exe
        5⤵
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2072.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        5⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51174.exe
        5⤵
        
        PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4720.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33208.exe
        5⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42282.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34865.exe
      4⤵
      PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7824.exe
      4⤵
      PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8565.exe
      4⤵
      PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
      4⤵
      PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
      4⤵
      PID:5852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7035.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7990.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 244
        5⤵
        Program crash
        
        PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21545.exe
      4⤵
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6334.exe
        5⤵
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7489.exe
        5⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22631.exe
        5⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        5⤵
        
        PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38621.exe
      4⤵
      PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22930.exe
      4⤵
      PID:4092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61234.exe
      4⤵
      PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63991.exe
      4⤵
      PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27316.exe
      4⤵
      PID:5368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49053.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34213.exe
      4⤵
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29541.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        5⤵
        
        PID:3488
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 244
        5⤵
        Program crash
        
        PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
      4⤵
      PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
      4⤵
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
      4⤵
      PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
      4⤵
      PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36243.exe
      4⤵
      PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56732.exe
      4⤵
      PID:6324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
    3⤵
    PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
      4⤵
      PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
      4⤵
      PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10581.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35451.exe
      4⤵
      PID:5376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62076.exe
    3⤵
    PID:1556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe
    3⤵
    PID:3552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5770.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
    3⤵
    PID:4344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27251.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46226.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
        5⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45353.exe
        6⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37708.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
        6⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36916.exe
        5⤵
        
        PID:1960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
        5⤵
        Program crash
        
        PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
      4⤵
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37709.exe
        5⤵
        
        PID:3448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 248
        5⤵
        Program crash
        
        PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
      4⤵
      PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
      4⤵
      PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
      4⤵
      PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1557.exe
      4⤵
      PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
      4⤵
      PID:5220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34912.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2300
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 220
      4⤵
      Program crash
      PID:2468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
    3⤵
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26054.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
      4⤵
      PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21224.exe
      4⤵
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
      4⤵
      PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39482.exe
      4⤵
      PID:5768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5204.exe
    3⤵
    PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9041.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
      4⤵
      PID:5664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
    3⤵
    PID:3536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46073.exe
    3⤵
    PID:5092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exe
    3⤵
    PID:5068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64036.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16927.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52334.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41058.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14042.exe
        6⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40339.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58662.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        6⤵
        
        PID:5348
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
        5⤵
        Program crash
        
        PID:1816
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 236
      4⤵
      Program crash
      PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32468.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51701.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        5⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26590.exe
        5⤵
        
        PID:4248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 188
        6⤵
        Program crash
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30692.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6892.exe
        5⤵
        
        PID:6444
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
      4⤵
      Program crash
      PID:1516
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
    3⤵
    - Program crash
    PID:2632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1564
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
    3⤵
    - Program crash
    PID:2764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
  2⤵
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34357.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34357.exe
    3⤵
    PID:4072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe
    3⤵
    PID:4532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52797.exe
    3⤵
    PID:4324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28357.exe
    3⤵
    PID:5320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41075.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41075.exe
  2⤵
  PID:1636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56568.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56568.exe
  2⤵
  PID:3696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
  2⤵
  PID:3352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
  2⤵
  PID:4472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
  2⤵
  PID:6120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe

Filesize
468KB

MD5
e237eaf537825e018ffeea3bf01c2773

SHA1
6bf144bf924d43a7caa3f6289260f0065d452b63

SHA256
1099c111a307a265934863db209ee6d430450773bfade1275d265c33fe54e0cd

SHA512
a2805d45736ced4b64f3adf7ba14fa3c2324e3b735f94003d879d1e0e50cfb06b34c7da62a813eca60e51aab4946f164f854a7d73b780221a66b32d944f8f05d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe

Filesize
468KB

MD5
0ae62416d3f32e1e5b8c7ddf98066d07

SHA1
42cafeb2d6154d369504f1b32bd1bbff6a61f270

SHA256
7c1d3d0d6b23e8116edfbecf3f31f7e906bc248bccaa65c5a48133f3c03fd336

SHA512
01cb9205f603b0d878daceba85d8144c25c8fa0f61e23171dfe4e72a05a3cf648d6267ebebe4400381a2794d4bcaa30ef7f563201d09fd1b3147f7f14a42c10a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40339.exe

Filesize
468KB

MD5
1349e2425571c84a021c2c5832670d70

SHA1
a1f7e097fc97f7cf43ae72ab9a0f902086a68375

SHA256
a81b0314d0c89f0cb461dd5344a9f00e125e31462ceeee385edb672d54a66af6

SHA512
4eb69a89e59ee2342033121dae6f44feb83d10da44adbe046e67bac952c5567060df81534303ec8b964d3a20d7f1940451fb8d4f9031805607b194800368aaae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42200.exe

Filesize
468KB

MD5
dfce28ed131e8f6fbedba36188e6fe81

SHA1
ea836de8358ae61a21be8399bb0da9574a2b8f46

SHA256
2cc17391ba4eca57c209047fc620b5b2abee617eb49875cc30d129687996efe7

SHA512
35f74c941046f137be12e199cf535a3ca757516124b1e5da60a115e999f1c047fcc5b63e3c9a3b7151c0ce270bd3d7e22145ca511d01f894990901c2c093532c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe

Filesize
468KB

MD5
7c1aed409e9002c6476563e69a6d7aca

SHA1
5725975109f49c069fe472df9523396dae51ccd6

SHA256
9c60f692b926fb054718da2f7a4cc9a825b12ee25ee4196be44b9d42591606c6

SHA512
31a2c7bb67b8ce624e52853cbb2b7c23944e3ad418e0aa85f6974c1223fde3f9db532ba061744ae5193005c6db6515f402b55e5ebc6a2677441b4684cd6e3a51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe

Filesize
468KB

MD5
0a517398d855a9a2a4597fa1b9a3d569

SHA1
f75f8df7d9527cd3e6b965ba4c731d1fbed01948

SHA256
03fbce00b0a04ecf36e5635a3a2beb30fce2c7d897c5b6187d257a49f31ff799

SHA512
3a348674f0ade690a58379065c6dc77a76bf063c2825181b1f566aea36296442904f3d65953c3ea34d0aedeb6e7b14266854542bce09493f4ca438cd09ec10ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56498.exe

Filesize
468KB

MD5
c4cbfdec4f137dfc88af9cbea44a2090

SHA1
e21c72c3188a4704f7afcb0ab45ce163e764b7d8

SHA256
1330f93fb4bd7122e4a1062e3460b003cd7b80ece77f8ab54a206509e9c454a0

SHA512
974d2f100c7efd03d95c3b3260919dc7be8c6dc319938dbfd303000bfc30b3afd405efd9eb14f3257bd867febaaa141f70e72ecfdc581c20243bf29688fb76df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe

Filesize
468KB

MD5
34475b7f2accac3d90a52dc000802dff

SHA1
9627fa6550c55b4c750381483430845730cfd11c

SHA256
2dbd91d4a9269a7726035c3c174769b47f08db6c2da838b033b4dc45508c1e44

SHA512
6e96a31f11a659d605ad7ef8e5d2bb2d8b5ae7577750e7d7951128aa3a0da39fa4764002da26f1af07ea628c6a32829ed4bf413704c8500e18296e9acb98c198

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe

Filesize
468KB

MD5
7b1b885c2a1348df5e6ee09256fe2473

SHA1
fd847d530d7b7a5d5c0a6500449427e2cffa721a

SHA256
b8d33ff853c928d36b2d48c8009227d371f7f3383994bc22b1199be061248b07

SHA512
a6704a2ade528067b6568511bb56848c291640169f7299a024d2e498878bfd9905d94365131131c242a9437caf2f2189c725f90b42f61273a5ce1e0cc4bf3aa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe

Filesize
468KB

MD5
69106f3bb8f9bde162fad57e1466b2f2

SHA1
6c2b7b786b9d628a0e5a4a1c3f0034f737c5cd80

SHA256
c3f7309e0a54a1dab63ae85f110f666895701f01bccb23fb0693af875894c101

SHA512
02e412adaa170b6cb5643f062bd19175c5b6eca2086156c55690947eb96cd75c25f355899f43c9912ab44408007e5c4b453d2188f665ddc6eda5d0b65104a039

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8530.exe

Filesize
468KB

MD5
9721f0782cd2177a53e11440d244e8f7

SHA1
d2e1f01d9ac7f4de398ea2deefe136fd90bf0ccf

SHA256
ab0a17ee6d4357d108965c77d7180cbdaa0080ab572c577bb0a216c5e2e5614b

SHA512
02ff3055e8f158efa244d75f5756a81b11b0c3c4d22196c35d5d2f59a9c9b61d13a884da0697ca8083bf4c8a5050e7d443f220e2e65f3f5365e70e31de7bb3d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe

Filesize
468KB

MD5
393c00fb5c8bb25d5b23224c3e3d04bc

SHA1
0df73d15e80c567a2f01fa38cea43b95b5124004

SHA256
b4a73cb922a0278a4a4e2ccae4903b059f443cad5fc21f560ff9c2a0d11fe436

SHA512
9bb1109d916d1b1ed723af0c127f7678d8e309b7d7cd9c8d926f8f4ece9195a850a2d3bb45949ad32a6a8d31a719fda92bcdc115d8269669487621d7e0f7c995

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe

Filesize
468KB

MD5
50665989a774ea83f310ac05b27e86d7

SHA1
4c4f06afb73a7e51ca4c48a5488cbfdb9f4e235e

SHA256
8bd78b0ca3b59dc0c8053fdae2350a3c9091bf964349086b85899587e148c187

SHA512
6a9e177468f6f95a167c94ae3702d75005c2833e5bec46797ee51627a33194e543c744134a3c9a6a5443cd8db327bbf3bf6234af123c67feb406a954a0eb23b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17722.exe

Filesize
468KB

MD5
2e3ee55c960a1e2ca577c8042484bbf4

SHA1
9a55cc677b8c8ec60347773392ac07df9f0d2443

SHA256
8398d3a15275b6e286f90b1cdde13ae8c8cac7053f1c88d31d63d0add822b734

SHA512
3c28ff5913eb5a05bd6fe361475226519495176f366f39ea660647075b6f4d04b27312d46d3141eff544e00e870a5ce82f47040e1d94218deb27d8dd17201047

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe

Filesize
468KB

MD5
7de7a41fabad8f64b791d1410b3664cc

SHA1
17a9db3e3ed93e6289946c745d269d2e6bb56109

SHA256
afa06bd49a814fdc0a7190ed68fab677273595f085f1c827a9706981ecdb369b

SHA512
59184413b02fb4fc05b167b148d7bd6f1e8644a4d47d86e6b7398abc227bef8cb2b1718907c7bb77022d21ff651573c41a0407610781f923f106ab3cb3a4ae60

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27251.exe

Filesize
468KB

MD5
b5c249ae32c54b3f395107ca33492fd6

SHA1
f459edb1f3eb0dda2cd86026e1a07ed56cfd786d

SHA256
dd9e31325c9f213823d4ff57ce4bdd9dabe8869abee0c960a70b62a03287ec96

SHA512
f3d240494b03ed070778b7fa8c4fc3c3508579d32c1e6d3b6aabc4eb1fd78251031167e161777f4e0277a4dc8600437c3bf4a1b1299c2708f9f07e178ff875af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe

Filesize
468KB

MD5
f84d6b29d6789331f17d16df9744ead7

SHA1
2ba69913a3ef55bc1bf147c5a5220c7ad99ea643

SHA256
9a5eec51fd6ad8f7af51101ab4e5c114e7de1d42615d7d78c4cf8692528427ae

SHA512
80468b3f5184b46053426ef5c6b6489eee7c712d3b493a8a601cd3032847e3d850b785bee82366f7d8b9e55b2be53faa804f90d6b373afd0d3704cd4596738fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55076.exe

Filesize
468KB

MD5
0ded0fc74d5cee2ca8560e100a9ed951

SHA1
4859f2e43b1e64933c35630fc2dbf4937c7f589e

SHA256
8104ae71e9a3bf2cc704ef9ae7022015cb750a8aff63f8cda712cb64c1b7e21c

SHA512
eda24ab5674810bd57ff1686abc318958c7fee9d95df4ac8b13fafd5619088b3fc7e9e13d33eae37b7f2595b19c5e48e9c7ae82cd746b8b5543f5d4f36550e38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58312.exe

Filesize
468KB

MD5
5dac818eae1e4f7802c24245597d17d9

SHA1
e0dce2f74f3ee620d5dfbba6d2eafc1d7a987c64

SHA256
6491d49be0feddaed50cdbc59fed43ec6aeb3f7a62a351a9604760aa59e56945

SHA512
562a6481477b1b75c0859797e06cba283d0f5523588ec6245a895d9e37f237be86655f5f0f78fa4e4ff63b8b2b24351eaabdbce3921a789fcc8f8d8a3fa35916

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58475.exe

Filesize
468KB

MD5
72671439622e89d34f6a51070d07c105

SHA1
ce8cc3f09a79e46fc67b6b436ca5490602a274c8

SHA256
042c4e006de3d66851e0c2ddee4bf329e9fbe1e87a62557ec8332baadcf6568c

SHA512
056926ca6248195a1bfae648350f7b7ebc31586351cb0d89c65041ed6bd57485db178711eb73857fabd5a4421060e20538988deb682ec32f0f500a1480479ea2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61137.exe

Filesize
468KB

MD5
d7deceb6434ce0dbd6fe19cd6f3bd927

SHA1
7ac9db53a284cc6ca0bf7aa4ede28147fedef5a8

SHA256
79281e911f7e8f2a652bd6a36e7d124eba5750f77d37717e6c611798ecb6a43c

SHA512
3ad7fd4ad46ac29cd518f7ab6ab8708e97f18f068c1f48c651ebe6ca2161301f671d3e38344038c02f707dbbf02892ba27ffae425d9bbbb89bdaaefb71702438

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe

Filesize
468KB

MD5
ce6f9eccc734b55335f939577fd4df8f

SHA1
fae6b1fd82a0cef507a01ad91b62ad65a68b1253

SHA256
d4106515e03c7aed5b76411873cd48bec3402ed60c92ead695979214abd74727

SHA512
f1a6b8218e64801dda6058d8d3effc48ed2175d1a96a7efe624fceabf3cf98f9c4623ea7bd287874bfb6695d9f1a346b8968d43a720ab550e623ad7514030095

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe

Filesize
468KB

MD5
4ebdb8301a1ffa0e5292a46a283445e9

SHA1
76f1b8d07aac6cad4425e4c5a2a64d84ad3c2a96

SHA256
f41eef6e9f540bb672a4d3acc92b811c60e229a8dccd36ce62954608c1958693

SHA512
0920558dc80301beeb242578d611ab35e55eddaa9121f18f7f13695dd62c15008e724d4f80f504ba9e076599f11597cef0dc80c09d6c6f5ca49becf10cdfe843

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64100.exe

Filesize
468KB

MD5
4390e8befb5c64f75a87fa893c2d4913

SHA1
150ab4e52ffb8e53f5573341c16a3566a2f65bad

SHA256
50efcf67cae997fe1f39316e9c9233308347950d191e409fa15bd599b6943f74

SHA512
3e9292ebdb29fc8aeb8c691c168ae4248879494a5b7c552b437295a2f252081c60907cffb11dd01a4d662ceefc60cc8f96afb80630a7b92b79cb88daef7ab594

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7035.exe

Filesize
468KB

MD5
94ecdd881b777d35c2df5d26d2d03e5e

SHA1
ddc57aa2ba36f34b0135434840140e290d276927

SHA256
02bbd7d6438796da88174fe39ff4b31592e1e0dd5003b5b0572040a9645cd79b

SHA512
15bac2fd96a03b4f1d7e2d164b4c2a1029d938e4a9972aecfe870cc630cb966a7fce08d52391f9c57d13adebb0974e230627bd462541c8d43052fd0829088de3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9191.exe

Filesize
468KB

MD5
08a39117b012b2443a8bf5b75f2d8748

SHA1
83a7fb84f8fd22c8b6cf8eedfdb4285464c681d3

SHA256
e7b84b4a55df56f1b8cb873fbd7f0d44988909ea00e0149330e53ee853f9588a

SHA512
f65d84363deecef73f87c65bdec181063362a233a1df8aae7a5f75c6a34e4c32f7f550a15d343b5a7d5599d5510a1508caf28e55c42cb18ccc50f3b23f3b8bef

Download Submit