a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 23:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe
Size

468KB
MD5

0fa9c81eccf33d28b344586aa1cc0360
SHA1

9e805797f418077c291029eeba50e43b63ed0e15
SHA256

a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517
SHA512

a562c735f8d4989ac36ff845b0d244507d783d65a0c1a3e48f31907769c15c83734f82e828a528b29dfccee7b84d143d7e602c101f261704e3f069d7f8e4e4c6
SSDEEP

3072:1G3HogISIE5TtbY2HLcOnf8/zCQaP0pkJVHeTVPyJ65L77gQpxlL:1G3obMTtxHwOnfBY10J6V/gQp

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2696	Unicorn-3277.exe
2760	Unicorn-29811.exe
2920	Unicorn-48840.exe
2660	Unicorn-33978.exe
2564	Unicorn-22280.exe
2496	Unicorn-9565.exe
2604	Unicorn-15696.exe
2524	Unicorn-20896.exe
1568	Unicorn-14765.exe
1692	Unicorn-7081.exe
2880	Unicorn-49795.exe
1772	Unicorn-30194.exe
2584	Unicorn-50060.exe
2152	Unicorn-38362.exe
1324	Unicorn-21555.exe
2416	Unicorn-26193.exe
2196	Unicorn-25447.exe
988	Unicorn-4926.exe
2220	Unicorn-11056.exe
916	Unicorn-49878.exe
1756	Unicorn-50143.exe
832	Unicorn-27585.exe
2512	Unicorn-26822.exe
1116	Unicorn-46614.exe
1760	Unicorn-39837.exe
2628	Unicorn-28139.exe
2764	Unicorn-48005.exe
1564	Unicorn-50619.exe
2480	Unicorn-29806.exe
1328	Unicorn-49027.exe
768	Unicorn-11523.exe
2460	Unicorn-52456.exe
1584	Unicorn-56256.exe
2796	Unicorn-18108.exe
2672	Unicorn-3163.exe
2720	Unicorn-58129.exe
2440	Unicorn-22022.exe
1516	Unicorn-38550.exe
2600	Unicorn-18684.exe
3004	Unicorn-38550.exe
408	Unicorn-24160.exe
3016	Unicorn-4294.exe
448	Unicorn-63054.exe
1228	Unicorn-14838.exe
2756	Unicorn-52291.exe
1952	Unicorn-34082.exe
2856	Unicorn-27951.exe
536	Unicorn-64808.exe
1696	Unicorn-4102.exe
1976	Unicorn-47081.exe
2080	Unicorn-32136.exe
2212	Unicorn-23205.exe
2960	Unicorn-38834.exe
664	Unicorn-39318.exe
2436	Unicorn-62431.exe
932	Unicorn-2369.exe
2120	Unicorn-39026.exe
1540	Unicorn-45156.exe
1484	Unicorn-14984.exe
1864	Unicorn-34850.exe
2984	Unicorn-16302.exe
1500	Unicorn-16568.exe
2352	Unicorn-21782.exe
2096	Unicorn-41648.exe

Loads dropped DLL 64 IoCs

pid	Process
2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe
2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe
2696	Unicorn-3277.exe
2696	Unicorn-3277.exe
2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe
2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe
2760	Unicorn-29811.exe
2760	Unicorn-29811.exe
2696	Unicorn-3277.exe
2696	Unicorn-3277.exe
2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe
2920	Unicorn-48840.exe
2920	Unicorn-48840.exe
2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe
2696	Unicorn-3277.exe
2696	Unicorn-3277.exe
2564	Unicorn-22280.exe
2564	Unicorn-22280.exe
2496	Unicorn-9565.exe
2496	Unicorn-9565.exe
2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe
2920	Unicorn-48840.exe
2604	Unicorn-15696.exe
2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe
2920	Unicorn-48840.exe
2604	Unicorn-15696.exe
2760	Unicorn-29811.exe
2760	Unicorn-29811.exe
1372	WerFault.exe
1372	WerFault.exe
1372	WerFault.exe
1372	WerFault.exe
1372	WerFault.exe
2524	Unicorn-20896.exe
2524	Unicorn-20896.exe
2564	Unicorn-22280.exe
2564	Unicorn-22280.exe
1772	Unicorn-30194.exe
1772	Unicorn-30194.exe
1568	Unicorn-14765.exe
2920	Unicorn-48840.exe
1568	Unicorn-14765.exe
2920	Unicorn-48840.exe
2696	Unicorn-3277.exe
2880	Unicorn-49795.exe
2696	Unicorn-3277.exe
2880	Unicorn-49795.exe
1692	Unicorn-7081.exe
1692	Unicorn-7081.exe
2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe
2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe
2496	Unicorn-9565.exe
2496	Unicorn-9565.exe
2584	Unicorn-50060.exe
2584	Unicorn-50060.exe
2604	Unicorn-15696.exe
2604	Unicorn-15696.exe
2152	Unicorn-38362.exe
2152	Unicorn-38362.exe
2760	Unicorn-29811.exe
2760	Unicorn-29811.exe
1324	Unicorn-21555.exe
1324	Unicorn-21555.exe
2524	Unicorn-20896.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1372	2660	WerFault.exe	33
3000	2220	WerFault.exe	48
1600	2584	WerFault.exe	41
1148	1564	WerFault.exe	58
2388	2764	WerFault.exe	57
2084	3004	WerFault.exe	69
2908	2628	WerFault.exe	56
2980	448	WerFault.exe	76
1160	2512	WerFault.exe	53
2156	2440	WerFault.exe	67
2400	1756	WerFault.exe	51
2832	408	WerFault.exe	73
2792	536	WerFault.exe	81
3176	3048	WerFault.exe	116
3424	2916	WerFault.exe	137
3492	944	WerFault.exe	182
3496	292	WerFault.exe	153
3436	1328	WerFault.exe	60
3648	1228	WerFault.exe	77
3660	2120	WerFault.exe	91
3668	2272	WerFault.exe	107
3688	1952	WerFault.exe	80
3732	2960	WerFault.exe	87
3816	2236	WerFault.exe	144
3864	2716	WerFault.exe	184
3856	1080	WerFault.exe	183
3836	1944	WerFault.exe	141
4048	3016	WerFault.exe	74
3908	1584	WerFault.exe	63
3168	1656	WerFault.exe	110
3236	2460	WerFault.exe	62
3136	2152	WerFault.exe	43
3132	1772	WerFault.exe	42
3260	664	WerFault.exe	88
3304	832	WerFault.exe	52
3336	2496	WerFault.exe	36
3432	1324	WerFault.exe	45
3108	1692	WerFault.exe	39
4024	1864	WerFault.exe	94
3400	2096	WerFault.exe	98
4180	1648	WerFault.exe	118
4996	764	WerFault.exe	142
5004	2600	WerFault.exe	68
5052	2912	WerFault.exe	126
5012	1696	WerFault.exe	83
5072	2752	WerFault.exe	129
5064	344	WerFault.exe	125
4760	2332	WerFault.exe	136
4340	2724	WerFault.exe	145
4512	2876	WerFault.exe	102
5124	2352	WerFault.exe	97
5144	768	WerFault.exe	61
5164	2480	WerFault.exe	59
5152	2780	WerFault.exe	101
5552	2796	WerFault.exe	64
5628	2776	WerFault.exe	130
5688	1608	WerFault.exe	117
5720	3008	WerFault.exe	105
5712	1500	WerFault.exe	96
5672	2396	WerFault.exe	124
5660	2676	WerFault.exe	128
5652	2848	WerFault.exe	109
5644	1984	WerFault.exe	114
5744	840	WerFault.exe	120

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26917.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5541.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39026.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45535.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35323.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3446.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe
2696	Unicorn-3277.exe
2760	Unicorn-29811.exe
2920	Unicorn-48840.exe
2660	Unicorn-33978.exe
2564	Unicorn-22280.exe
2604	Unicorn-15696.exe
2496	Unicorn-9565.exe
1568	Unicorn-14765.exe
2524	Unicorn-20896.exe
2584	Unicorn-50060.exe
1692	Unicorn-7081.exe
2152	Unicorn-38362.exe
1772	Unicorn-30194.exe
2880	Unicorn-49795.exe
1324	Unicorn-21555.exe
2416	Unicorn-26193.exe
2196	Unicorn-25447.exe
988	Unicorn-4926.exe
2220	Unicorn-11056.exe
832	Unicorn-27585.exe
2512	Unicorn-26822.exe
916	Unicorn-49878.exe
1756	Unicorn-50143.exe
1116	Unicorn-46614.exe
1760	Unicorn-39837.exe
2764	Unicorn-48005.exe
2628	Unicorn-28139.exe
1564	Unicorn-50619.exe
2480	Unicorn-29806.exe
1328	Unicorn-49027.exe
768	Unicorn-11523.exe
2460	Unicorn-52456.exe
1584	Unicorn-56256.exe
2796	Unicorn-18108.exe
2672	Unicorn-3163.exe
2720	Unicorn-58129.exe
2440	Unicorn-22022.exe
448	Unicorn-63054.exe
408	Unicorn-24160.exe
3016	Unicorn-4294.exe
3004	Unicorn-38550.exe
2600	Unicorn-18684.exe
1228	Unicorn-14838.exe
2756	Unicorn-52291.exe
1952	Unicorn-34082.exe
2856	Unicorn-27951.exe
536	Unicorn-64808.exe
1696	Unicorn-4102.exe
1976	Unicorn-47081.exe
2212	Unicorn-23205.exe
2080	Unicorn-32136.exe
2960	Unicorn-38834.exe
664	Unicorn-39318.exe
2436	Unicorn-62431.exe
932	Unicorn-2369.exe
2120	Unicorn-39026.exe
1540	Unicorn-45156.exe
1864	Unicorn-34850.exe
1484	Unicorn-14984.exe
2984	Unicorn-16302.exe
1500	Unicorn-16568.exe
2096	Unicorn-41648.exe
2464	Unicorn-57984.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2696	2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe	30
PID 2656 wrote to memory of 2696	2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe	30
PID 2656 wrote to memory of 2696	2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe	30
PID 2656 wrote to memory of 2696	2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe	30
PID 2696 wrote to memory of 2760	2696	Unicorn-3277.exe	31
PID 2696 wrote to memory of 2760	2696	Unicorn-3277.exe	31
PID 2696 wrote to memory of 2760	2696	Unicorn-3277.exe	31
PID 2696 wrote to memory of 2760	2696	Unicorn-3277.exe	31
PID 2656 wrote to memory of 2920	2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe	32
PID 2656 wrote to memory of 2920	2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe	32
PID 2656 wrote to memory of 2920	2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe	32
PID 2656 wrote to memory of 2920	2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe	32
PID 2760 wrote to memory of 2660	2760	Unicorn-29811.exe	33
PID 2760 wrote to memory of 2660	2760	Unicorn-29811.exe	33
PID 2760 wrote to memory of 2660	2760	Unicorn-29811.exe	33
PID 2760 wrote to memory of 2660	2760	Unicorn-29811.exe	33
PID 2696 wrote to memory of 2564	2696	Unicorn-3277.exe	34
PID 2696 wrote to memory of 2564	2696	Unicorn-3277.exe	34
PID 2696 wrote to memory of 2564	2696	Unicorn-3277.exe	34
PID 2696 wrote to memory of 2564	2696	Unicorn-3277.exe	34
PID 2920 wrote to memory of 2604	2920	Unicorn-48840.exe	35
PID 2920 wrote to memory of 2604	2920	Unicorn-48840.exe	35
PID 2920 wrote to memory of 2604	2920	Unicorn-48840.exe	35
PID 2920 wrote to memory of 2604	2920	Unicorn-48840.exe	35
PID 2656 wrote to memory of 2496	2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe	36
PID 2656 wrote to memory of 2496	2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe	36
PID 2656 wrote to memory of 2496	2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe	36
PID 2656 wrote to memory of 2496	2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe	36
PID 2696 wrote to memory of 1568	2696	Unicorn-3277.exe	37
PID 2696 wrote to memory of 1568	2696	Unicorn-3277.exe	37
PID 2696 wrote to memory of 1568	2696	Unicorn-3277.exe	37
PID 2696 wrote to memory of 1568	2696	Unicorn-3277.exe	37
PID 2564 wrote to memory of 2524	2564	Unicorn-22280.exe	38
PID 2564 wrote to memory of 2524	2564	Unicorn-22280.exe	38
PID 2564 wrote to memory of 2524	2564	Unicorn-22280.exe	38
PID 2564 wrote to memory of 2524	2564	Unicorn-22280.exe	38
PID 2496 wrote to memory of 1692	2496	Unicorn-9565.exe	39
PID 2496 wrote to memory of 1692	2496	Unicorn-9565.exe	39
PID 2496 wrote to memory of 1692	2496	Unicorn-9565.exe	39
PID 2496 wrote to memory of 1692	2496	Unicorn-9565.exe	39
PID 2656 wrote to memory of 2880	2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe	40
PID 2656 wrote to memory of 2880	2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe	40
PID 2656 wrote to memory of 2880	2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe	40
PID 2656 wrote to memory of 2880	2656	a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe	40
PID 2920 wrote to memory of 1772	2920	Unicorn-48840.exe	42
PID 2920 wrote to memory of 1772	2920	Unicorn-48840.exe	42
PID 2920 wrote to memory of 1772	2920	Unicorn-48840.exe	42
PID 2920 wrote to memory of 1772	2920	Unicorn-48840.exe	42
PID 2604 wrote to memory of 2584	2604	Unicorn-15696.exe	41
PID 2604 wrote to memory of 2584	2604	Unicorn-15696.exe	41
PID 2604 wrote to memory of 2584	2604	Unicorn-15696.exe	41
PID 2604 wrote to memory of 2584	2604	Unicorn-15696.exe	41
PID 2760 wrote to memory of 2152	2760	Unicorn-29811.exe	43
PID 2760 wrote to memory of 2152	2760	Unicorn-29811.exe	43
PID 2760 wrote to memory of 2152	2760	Unicorn-29811.exe	43
PID 2760 wrote to memory of 2152	2760	Unicorn-29811.exe	43
PID 2660 wrote to memory of 1372	2660	Unicorn-33978.exe	44
PID 2660 wrote to memory of 1372	2660	Unicorn-33978.exe	44
PID 2660 wrote to memory of 1372	2660	Unicorn-33978.exe	44
PID 2660 wrote to memory of 1372	2660	Unicorn-33978.exe	44
PID 2524 wrote to memory of 1324	2524	Unicorn-20896.exe	45
PID 2524 wrote to memory of 1324	2524	Unicorn-20896.exe	45
PID 2524 wrote to memory of 1324	2524	Unicorn-20896.exe	45
PID 2524 wrote to memory of 1324	2524	Unicorn-20896.exe	45

C:\Users\Admin\AppData\Local\Temp\a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe
"C:\Users\Admin\AppData\Local\Temp\a94adefb415b24b3db2e9e98187e6a583ad09415dd8e7f9e11ff2a7a72822517N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2660
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 244
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38362.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 244
        6⤵
        Program crash
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
        6⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45810.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6884.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
        8⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54518.exe
        8⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15601.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        7⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 244
        7⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29368.exe
        6⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30808.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 248
        6⤵
        
        PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60344.exe
        5⤵
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
        6⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43043.exe
        7⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14947.exe
        7⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 248
        7⤵
        
        PID:7032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 248
        6⤵
        Program crash
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exe
        5⤵
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6957.exe
        6⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5945.exe
        6⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
        6⤵
        
        PID:7760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 244
        5⤵
        Program crash
        
        PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50619.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1564
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 224
        5⤵
        Program crash
        
        PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
        5⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13630.exe
        6⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40868.exe
        7⤵
        
        PID:7880
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
        6⤵
        Program crash
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8155.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54257.exe
        5⤵
        
        PID:4980
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 248
        5⤵
        
        PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
      4⤵
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64092.exe
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        5⤵
        
        PID:5080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 244
        5⤵
        
        PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
      4⤵
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27675.exe
      4⤵
      PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47171.exe
      4⤵
      PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61842.exe
      4⤵
      PID:7024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
      4⤵
      PID:7528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18164.exe
      4⤵
      PID:7920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22280.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39318.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
        8⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56734.exe
        9⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28887.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42906.exe
        9⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 236
        8⤵
        Program crash
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
        7⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        8⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58633.exe
        8⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
        8⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44072.exe
        8⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        8⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
        7⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 248
        7⤵
        Program crash
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61596.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25048.exe
        8⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        8⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
        8⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        7⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49244.exe
        6⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59453.exe
        7⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        7⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
        7⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 236
        6⤵
        Program crash
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2369.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        7⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52416.exe
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18731.exe
        8⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 248
        8⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41294.exe
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
        7⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        7⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28945.exe
        7⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57714.exe
        7⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
        7⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22488.exe
        6⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48244.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12612.exe
        7⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6604.exe
        7⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        7⤵
        
        PID:8068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
        6⤵
        Program crash
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39026.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        6⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 244
        7⤵
        Program crash
        
        PID:3816
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 248
        6⤵
        Program crash
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13692.exe
        5⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31659.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3512
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 228
        6⤵
        Program crash
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11820.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
        5⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        5⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14406.exe
        5⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24753.exe
        5⤵
        
        PID:7332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15904.exe
        7⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        8⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
        8⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
        8⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 216
        8⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
        7⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6831.exe
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        7⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34553.exe
        7⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12950.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 244
        7⤵
        Program crash
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
        6⤵
        
        PID:3780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 248
        6⤵
        Program crash
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14984.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48301.exe
        6⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        7⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
        8⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        8⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63518.exe
        8⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        7⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
        7⤵
        Program crash
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25010.exe
        6⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3215.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
        7⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4663.exe
        7⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6491.exe
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        7⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29780.exe
        6⤵
        
        PID:4744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 244
        6⤵
        
        PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25834.exe
        5⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38737.exe
        6⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
        7⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        7⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        6⤵
        
        PID:3976
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 220
        6⤵
        Program crash
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        5⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48294.exe
        6⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54882.exe
        5⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39301.exe
        5⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42475.exe
        5⤵
        
        PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12727.exe
        5⤵
        
        PID:7912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34850.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
        6⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50149.exe
        7⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        7⤵
        
        PID:7812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 236
        6⤵
        Program crash
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
        5⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
        6⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18010.exe
        6⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
        6⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-255.exe
        6⤵
        
        PID:7664
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
        5⤵
        Program crash
        
        PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
        5⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58213.exe
        6⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26474.exe
        6⤵
        
        PID:7444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52745.exe
        6⤵
        
        PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        5⤵
        
        PID:4108
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        5⤵
        
        PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
      4⤵
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
        5⤵
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27664.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38346.exe
      4⤵
      PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56367.exe
      4⤵
      PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
      4⤵
      PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37140.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16927.exe
      4⤵
      PID:8076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38550.exe
        5⤵
        Executes dropped EXE
        
        PID:1516
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
        5⤵
        Program crash
        
        PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4294.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
        5⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5680.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 244
        7⤵
        Program crash
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        6⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        6⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        6⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31467.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56152.exe
        6⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34606.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48228.exe
        5⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
        6⤵
        
        PID:7892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
        5⤵
        Program crash
        
        PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36971.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-610.exe
        5⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29469.exe
        6⤵
        
        PID:4484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 216
        6⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32078.exe
        5⤵
        
        PID:4156
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
        5⤵
        Program crash
        
        PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
      4⤵
      PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
        5⤵
        
        PID:7804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60118.exe
      4⤵
      PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
      4⤵
      PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47374.exe
      4⤵
      PID:6828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
      4⤵
      PID:7848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7849.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
        5⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52954.exe
        7⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        6⤵
        
        PID:3464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 220
        6⤵
        
        PID:5736
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 248
        5⤵
        Program crash
        
        PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30957.exe
      4⤵
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21690.exe
        5⤵
        
        PID:3156
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 228
        5⤵
        Program crash
        
        PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56592.exe
      4⤵
      PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62644.exe
      4⤵
      PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5541.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12410.exe
      4⤵
      PID:7156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9242.exe
      4⤵
      PID:8160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60822.exe
      4⤵
      PID:7616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62691.exe
      4⤵
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22318.exe
        5⤵
        
        PID:296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35499.exe
        6⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
        6⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64335.exe
        6⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        6⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2498.exe
        6⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        5⤵
        
        PID:3228
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 220
        5⤵
        
        PID:5752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9250.exe
      4⤵
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        5⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41907.exe
        5⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
        5⤵
        
        PID:8620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57682.exe
      4⤵
      PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64502.exe
      4⤵
      PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
      4⤵
      PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46940.exe
      4⤵
      PID:7248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
      4⤵
      PID:8020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
    3⤵
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46002.exe
      4⤵
      PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
      4⤵
      PID:4792
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 244
      4⤵
      PID:5216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25926.exe
    3⤵
    PID:4088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26564.exe
    3⤵
    PID:4388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
    3⤵
    PID:5836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6810.exe
    3⤵
    PID:6964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
    3⤵
    PID:8144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19781.exe
    3⤵
    PID:7312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39837.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38550.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 220
        7⤵
        Program crash
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe
        6⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16755.exe
        7⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
        8⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 220
        7⤵
        Program crash
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54179.exe
        6⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33084.exe
        7⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3246.exe
        6⤵
        
        PID:4824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 244
        6⤵
        
        PID:5332
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        5⤵
        Program crash
        
        PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28139.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32136.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
        6⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 244
        8⤵
        Program crash
        
        PID:3836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 248
        7⤵
        Program crash
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53023.exe
        6⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2001.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        7⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46297.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40133.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11234.exe
        7⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64603.exe
        7⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61408.exe
        6⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38908.exe
        6⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43497.exe
        6⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
        6⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        6⤵
        
        PID:8240
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
        5⤵
        Program crash
        
        PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50522.exe
        5⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34430.exe
        6⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
        6⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58305.exe
        6⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13210.exe
        6⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
        6⤵
        
        PID:7244
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 228
        5⤵
        Program crash
        
        PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
      4⤵
      PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
        5⤵
        
        PID:3700
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 236
        5⤵
        Program crash
        
        PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
      4⤵
      PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49119.exe
      4⤵
      PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3165.exe
      4⤵
      PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
      4⤵
      PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
      4⤵
      PID:7548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45899.exe
      4⤵
      PID:8152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30194.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25447.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56256.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16568.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
        8⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52925.exe
        8⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1214.exe
        8⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        7⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
        7⤵
        Program crash
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        6⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        7⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
        7⤵
        
        PID:7932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
        6⤵
        Program crash
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21782.exe
        5⤵
        Executes dropped EXE
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        6⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        7⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 244
        7⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25581.exe
        6⤵
        
        PID:3984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 244
        6⤵
        Program crash
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
        5⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5488.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5976
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 244
        6⤵
        
        PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4031.exe
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-210.exe
        5⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35937.exe
        5⤵
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3446.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18108.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41648.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53044.exe
        6⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61996.exe
        7⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
        7⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45153.exe
        7⤵
        
        PID:7260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
        6⤵
        Program crash
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21502.exe
        5⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20227.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        6⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        6⤵
        
        PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57682.exe
        5⤵
        
        PID:3916
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 248
        5⤵
        Program crash
        
        PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
      4⤵
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61980.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17513.exe
        6⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
        6⤵
        
        PID:6460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 220
        6⤵
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        5⤵
        
        PID:3208
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
        5⤵
        
        PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
      4⤵
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        5⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24564.exe
        5⤵
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31745.exe
        5⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
        5⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
        5⤵
        
        PID:7228
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 244
      4⤵
      Program crash
      PID:3132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4926.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
        5⤵
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
        6⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        7⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34450.exe
        7⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25910.exe
        7⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56308.exe
        6⤵
        
        PID:3920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 244
        6⤵
        Program crash
        
        PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34932.exe
        5⤵
        
        PID:2144
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 224
        6⤵
        
        PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        5⤵
        
        PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16745.exe
        5⤵
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18871.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24977.exe
        5⤵
        
        PID:7392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
      4⤵
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        5⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
        6⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34074.exe
        6⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        5⤵
        
        PID:4100
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 220
        5⤵
        
        PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
      4⤵
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        5⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
        5⤵
        
        PID:7656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63547.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
      4⤵
      PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7667.exe
      4⤵
      PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16751.exe
      4⤵
      PID:7196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
      4⤵
      PID:7772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58129.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57984.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
        5⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57979.exe
        6⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5590.exe
        7⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15742.exe
        6⤵
        
        PID:4128
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 220
        6⤵
        Program crash
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20173.exe
        6⤵
        
        PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
        5⤵
        
        PID:4812
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 248
        5⤵
        
        PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38201.exe
      4⤵
      PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28021.exe
        5⤵
        
        PID:3548
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 236
        5⤵
        Program crash
        
        PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
      4⤵
      PID:4988
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 244
      4⤵
      PID:5232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
    3⤵
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
      4⤵
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35603.exe
        5⤵
        
        PID:5356
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
        5⤵
        
        PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
      4⤵
      PID:3604
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 244
      4⤵
      Program crash
      PID:4512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6630.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12608.exe
      4⤵
      PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
      4⤵
      PID:6692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17686.exe
      4⤵
      PID:7660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
    3⤵
    PID:4804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55946.exe
    3⤵
    PID:5956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
    3⤵
    PID:7152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9565.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9565.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27585.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22022.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 224
        6⤵
        Program crash
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
        5⤵
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20263.exe
        6⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21509.exe
        7⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13842.exe
        7⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2092.exe
        7⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        6⤵
        
        PID:3936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
        6⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51081.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59879.exe
        6⤵
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        6⤵
        
        PID:7940
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 236
        5⤵
        Program crash
        
        PID:3304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18684.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        5⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48029.exe
        7⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49183.exe
        6⤵
        
        PID:4844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 224
        6⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
        5⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19824.exe
        6⤵
        
        PID:8512
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 244
        5⤵
        Program crash
        
        PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49991.exe
      4⤵
      PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
        5⤵
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        6⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        6⤵
        
        PID:6176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38207.exe
        6⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33112.exe
        6⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        5⤵
        
        PID:3184
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 220
        5⤵
        Program crash
        
        PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5991.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
        5⤵
        
        PID:8188
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 244
      4⤵
      Program crash
      PID:3108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46614.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 224
        5⤵
        Program crash
        
        PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        5⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52845.exe
        6⤵
        
        PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        5⤵
        
        PID:4444
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
        5⤵
        
        PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
      4⤵
      PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21216.exe
        5⤵
        
        PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
      4⤵
      PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
      4⤵
      PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
      4⤵
      PID:7044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
      4⤵
      PID:7516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
      4⤵
      PID:8116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
      4⤵
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16755.exe
        5⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44293.exe
        6⤵
        
        PID:7764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 228
        5⤵
        Program crash
        
        PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44528.exe
      4⤵
      PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
        5⤵
        
        PID:7860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65440.exe
      4⤵
      PID:4916
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 248
      4⤵
      PID:5196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4709.exe
    3⤵
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
      4⤵
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48177.exe
        5⤵
        
        PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
        5⤵
        
        PID:7224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
      4⤵
      PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
      4⤵
      PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63476.exe
      4⤵
      PID:7288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22527.exe
      4⤵
      PID:8112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44581.exe
    3⤵
    PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
      4⤵
      PID:7740
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
    3⤵
    - Program crash
    PID:3336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49795.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49795.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50143.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34082.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        5⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exe
        6⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21068.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16067.exe
        7⤵
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3952
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 220
        6⤵
        Program crash
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        5⤵
        
        PID:2716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 224
        6⤵
        Program crash
        
        PID:3864
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
        5⤵
        Program crash
        
        PID:3688
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 248
      4⤵
      Program crash
      PID:2400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4102.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3184.exe
      4⤵
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22868.exe
        5⤵
        
        PID:3588
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
        5⤵
        Program crash
        
        PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35866.exe
      4⤵
      PID:3744
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 244
      4⤵
      Program crash
      PID:5012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50147.exe
    3⤵
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exe
      4⤵
      PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
      4⤵
      PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34215.exe
      4⤵
      PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37611.exe
      4⤵
      PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8712.exe
      4⤵
      PID:8128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
      4⤵
      PID:7876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
    3⤵
    PID:4060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43481.exe
    3⤵
    PID:4344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34122.exe
    3⤵
    PID:5820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29476.exe
    3⤵
    PID:7080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
    3⤵
    PID:7208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55487.exe
    3⤵
    PID:7264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26822.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26822.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
      4⤵
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25115.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50323.exe
        6⤵
        
        PID:7748
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
        5⤵
        Program crash
        
        PID:3168
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 408 -s 248
      4⤵
      Program crash
      PID:2832
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 248
    3⤵
    - Program crash
    PID:1160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14838.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14838.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37263.exe
    3⤵
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
      4⤵
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
        5⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43477.exe
        5⤵
        
        PID:7884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
      4⤵
      PID:4004
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 220
      4⤵
      Program crash
      PID:5644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33069.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33069.exe
    3⤵
    PID:1080
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 224
      4⤵
      Program crash
      PID:3856
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 240
    3⤵
    - Program crash
    PID:3648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3048
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
    3⤵
    - Program crash
    PID:3176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
  2⤵
  PID:3412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25121.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25121.exe
  2⤵
  PID:5024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
  2⤵
  PID:5348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38306.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38306.exe
  2⤵
  PID:7036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
  2⤵
  PID:7536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
  2⤵
  PID:8176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe

Filesize
468KB

MD5
0b39bc24bbc186d7205011273eb06071

SHA1
bf42c30f776c714bbb94a1e5b3747e1fa0b8e709

SHA256
2f95ac4b5bcc49cffb5bb1a6fc34c2495619f53d11ee403a89a853bde85c8eab

SHA512
2685b7f4cb6add5531745cfbfedd209ab4d8e260f6ac9361da8a1bc8bb3ce1aca4d0b292d1334080fa3cf04e3b7c80ad00e510e309d9ac44c0cd45bc558a0ec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe

Filesize
468KB

MD5
ed66f9ec8cd37a9fe77cad1f7275037e

SHA1
8f5e3c75bc4e7eda458c8df8e1070ac7d377bf19

SHA256
e37c42d9ecc7f495e15eea79f3587f0fa643b3a24be283631872cfae51dd151f

SHA512
d24c7d41a26250bb2089f5e9333a4a056e5df90798fca326605911f52fb9edbaada12a1a02903417c4d314a2061e4582a0e58a4ec2050950f59db76655ce1919

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29476.exe

Filesize
468KB

MD5
cb72e8b16a97a94929127aa9cb7ed3e4

SHA1
ea941762ec727841433b044fc3b32624faebf92f

SHA256
a4c043fca3dbb67682a962ba6703ebdd82dd0ecfa62abe740af611fa17015119

SHA512
a87998ad1184772a963010b38da4c18ce536a64bf3215bb165d4adbde2d7a7841d5dc0abf7988dd7285ab0bf48fdcbfe730a77fa7f194717d89646fdce927265

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29811.exe

Filesize
468KB

MD5
7b9a2c246a763d2ec13984c2f9a66710

SHA1
78f2e1df80e945245d381eb0c8c0bb00917c63b6

SHA256
def44893799df1ec55042fc4faaff41a62fb1795a7da5b74fba72a76babe6081

SHA512
64addb26252edc5c4ae230dfe9380d8725835f693d6612d8214b082248b0e114bc78e8d705a2dc5e18a4569c6187e5e3a0b2cfec75ad1d6b37e74c2bae4d563b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe

Filesize
468KB

MD5
5396df58550587aebff10105ed12495c

SHA1
9d1567ed3eb386072fbe314a96982af8b026fc15

SHA256
128f9e55fa457e6cd9809e980074fd514f1c66697378b5fd19aa06eff51ecdf4

SHA512
3c197bdbc47dc08d9a044b3a99579186656a17ee8501a5beaa9e833b100fae631098a64c384183049da52258eea0dcf509ebd91ec2a65c237eef5c55de564330

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe

Filesize
468KB

MD5
fccd9819e22980b8aa968f2f2ad5061f

SHA1
76f705397213c6a12f028c9cc0ca546f829aa624

SHA256
4b3e9fb39e75e676db06f9510ff5d4cb70299afd1d185d3aa009b6f8742dab10

SHA512
0a1bc2fca55da47fbcd7d72e9ab56a656aed107a408cc278545bdd0f9e1eef3e71a637fade0e2f431f1598e239a611743c1ca58b698a467be0498422c94b9808

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5680.exe

Filesize
468KB

MD5
8a3fe91934a8d82a647f4f41b689e3d1

SHA1
fe057f5cfc95b5ab609b4fe856fa50eb99fa1f3e

SHA256
9cc510737277ef5e0b1ba8498ff0462ed94fd7dbb0edd280bedabd6c284c28ed

SHA512
f93dcfaa40338e4b8f77b6762764da6e77162783979f4052cfbd1f7af1aceaa02e562d36d57fa013ddc13815d36d45b547e1c13fe0973fffc7c21236dd764fdd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe

Filesize
468KB

MD5
5f9665f884cd74ba97a5a04e7cb03ece

SHA1
dd0b78b045055accd0e5f7708f9a8dcc7974de0b

SHA256
3d7d66ef4f4d1a80c40d1e15af2dff9a478b6ceb4f6e6491cc18b44dc62e5ec0

SHA512
cc353907058e2d80910c22b604af01bf93362e56836d8c227c48beed2ce431da72cd8c018027f7cf0f3d6ff10c29eae6ba697cb478e9b96ffaed35aec96b6f99

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe

Filesize
468KB

MD5
e14b1756f18985840f928ef7028dae4b

SHA1
b400a02bf63d8976e5c8ab957889c078cb472186

SHA256
e4a7d34effded61f7c51c586273093e4fb0994b9d2469abf24685d308ddad6ac

SHA512
07f99ca8fee1ebbe6aed53c799a11af990788383873206de61f190f6ff4caab6933e037249e268f58751265a1c32f970b97945a4f37cf29d94a8b45a59cfd640

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22280.exe

Filesize
468KB

MD5
546775c3b4ff45b52f9ea043e6c04dc5

SHA1
625375753d7499fab004dab31976bf3973ce677e

SHA256
87d1a2f2a049160a7ec6c54cc6c66f13f686b7798c9acfc30a1fe6016207b8e7

SHA512
9358e2b46e02a4ff4979e6a7d9919b316994ca3b1d7f1473f2743dd288b0b313d83ab01e3666103a0b51aeccefb65939c554be50271c175b3d537b71923e0330

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25447.exe

Filesize
468KB

MD5
5d478d6ca1c9eaa7c9800c8b411e9483

SHA1
d3e70d1cec118e1e42afcf452bd807f70ab1f4ef

SHA256
80274b649393ea43b8e6045b5f5a2c01ff4c7c57ef0759e4c863657dae9e42bb

SHA512
2c353345fd2000ed84084796318266a5686787c01dddd9f7e501c0cf10fce8ff4a29e7810e54ea61f1f0cf070cae6a8193e40afcf637d66019ca490f780cd9b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe

Filesize
468KB

MD5
4f0250e577c4fda0880980e346ae190d

SHA1
869fe4bdfc70cf055bb589848d3137b329b69f3a

SHA256
03a42449ff6a121004813a27ae7ebb2ddd6d874988f9f721c0cf8b88ec5ad113

SHA512
825028c2e96453270f2dde6b7ad10e7a472929515e775e8d57b312a1280ccd6945e728dda899acc38ddad29e75322be1cb073193fc9dbd2d1c7dc2b2049830da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30194.exe

Filesize
468KB

MD5
c293506c02fd1e55da93385874d65d18

SHA1
552272ceb7b7156ecb0af28990c0b5a13bde52df

SHA256
8f492dac779ccd3a6a82e6521b515c4bd7f5eececc8e0cd14dfa3615f2cfe82d

SHA512
5f65a3e93a82365ead723a385253be976bfcf8f358949942c02f99dd792d5b49e924fb162cfb9eaf0eeb1406a4c747502133cbb5649e1e3d5d6871657b22e419

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe

Filesize
468KB

MD5
37aa82ea1118a7da49fd28b1ace33a4f

SHA1
94a0adf4a8d702c3e2a6425a652977e73f32e39a

SHA256
6f3a3ca7eb787025ffccf13babc0f64aefbbfb793b0f2a815d3a08bc8ad00986

SHA512
cbc66faed86c710a4db8b32f4f7b221ada821ac67b1ec5482c49074bb7997faa7f291326ac428d0e5bea87a671bd13850a454148ab9c7bd63f94d5dd73566c6d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe

Filesize
468KB

MD5
4e0852f2cae0bd8dfb21acc1e75887d4

SHA1
84f1a735a8708e4c76e446c3226230df1af7575f

SHA256
6c9d1233ee5ee58853aece7c7526ad7aba53bfb5e814eb4536066619eefadedc

SHA512
e702883e749a05cf32eb6a98f2e7ccf3cf79990d35f6ed7b527b980556da6713f4cd8ca806dd676a139082fdaf168f1f3a9fc5ae18599573273089afc7dcd31b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38362.exe

Filesize
468KB

MD5
cd2b35344ed7101b8d34161c2f85d7af

SHA1
8b114dffe884dc2ba3fcde2dc02f850d212ec915

SHA256
c3da1419e3f80805e406fac59c5b570b9b0c8970e4102f67f6805fc48ca11878

SHA512
8e52d6da1a1fe5f0504933482105656ae7005adb061c50710532ae2fc023b6643fd380118d1441cc8471cb5f80f79c6f4910c051d8f95632cb78158524e1bb99

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe

Filesize
468KB

MD5
65227cc842f0f1a05b665aca75ee42a7

SHA1
0eccef81f1409ee92a7aa1c30983172e729abe87

SHA256
fd7f2a095e468009269bbcc2ee7408e9b2a5ea00a6d9fdc8bcf39fb69797a207

SHA512
6f48797dac15bef2b32a236eb1c34f301813025b512e7423bc4b2f25fe9e2817bc88c016d70b8923a7e18a85b7d8f94220ad81a551ccdcbf355ae9de634aebcb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49795.exe

Filesize
468KB

MD5
3a39629517c75331726bb703c713f7f8

SHA1
922fb668b8e6b66140fa339fec55e867f259a45a

SHA256
fca4a83d6860a73e4a470779dd7050d04d1ab6f28f0c8a682a37387b85e59598

SHA512
dcd0b204ded574fb7c7817432abc00ab13b3f724e45d5791767ec39ef8e61bb78f7acc32ece9fa3e2488bdf44995d7aed08cbd8e146ca6a39e0a8670c1ecccbd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe

Filesize
468KB

MD5
72242c4c3137aef3f621a3650f1cfe94

SHA1
58eca9fc4bf07ae37e92edb185527f0ab7792316

SHA256
157b0948de9355ff8aab9457705ad6609dbbcbf6efb47e66e2f20434339cad98

SHA512
81373e14d6568b53e0e33ecac886ecc5db147f845eab29e421a390f0390d3074b73cb82f73290f8e4163a84282a0764cba13720aac411b31ee0597f28060b535

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9565.exe

Filesize
468KB

MD5
a662cbd109835533198329271e99cdfd

SHA1
d4ca2116126b38f304cf1bcfecbb0d1a160c507c

SHA256
aa355f2e7f5ad8e48b61db23d454ba7887f058ee34013edce821678e8b575401

SHA512
3aecca694548b082b9a265b97a09237055cb0e3795b7eea5f5920b1dcd7dbae18f16035dcdd7585ddbabaed20e0c699c7e98b5ec7e5a8c1170c7083754f0c0e2

Download Submit