dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933

Analysis

max time kernel
149s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe
Size

468KB
MD5

a3802b99257a69d299afa69f75930740
SHA1

5f8d870ecdca14b432deeb3966f5f0546d9856df
SHA256

dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933
SHA512

bcd6cd5b56b23943e9880de0c71cf50664e07747969a5733a007f976e42f20b4ab6066380a2bbfd85ba1d57a12cf5e06f2b537c548742afc4521321cd5192fed
SSDEEP

3072:1U3/og3KIE5TtbYfHOxccf8/uC5dPLpknSHRK6Znih0L3dkSrUlT:1Uvo8MTtQHiccfe1BDihONkSr

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2552	Unicorn-706.exe
2840	Unicorn-47297.exe
2932	Unicorn-43767.exe
2636	Unicorn-19560.exe
2752	Unicorn-35896.exe
1048	Unicorn-58354.exe
2716	Unicorn-44619.exe
2084	Unicorn-12673.exe
2252	Unicorn-37732.exe
2092	Unicorn-32902.exe
1484	Unicorn-32902.exe
3040	Unicorn-26579.exe
2180	Unicorn-62834.exe
3064	Unicorn-32445.exe
2064	Unicorn-12844.exe
1612	Unicorn-51817.exe
2424	Unicorn-38474.exe
1160	Unicorn-18652.exe
368	Unicorn-10291.exe
2080	Unicorn-60047.exe
1716	Unicorn-42964.exe
952	Unicorn-19014.exe
2516	Unicorn-34796.exe
2548	Unicorn-10099.exe
2032	Unicorn-46591.exe
388	Unicorn-52978.exe
1456	Unicorn-33901.exe
2524	Unicorn-40032.exe
1372	Unicorn-61007.exe
1772	Unicorn-15335.exe
1964	Unicorn-10489.exe
2280	Unicorn-59959.exe
1740	Unicorn-7229.exe
2124	Unicorn-48631.exe
1708	Unicorn-17804.exe
2288	Unicorn-44163.exe
2944	Unicorn-58122.exe
2864	Unicorn-23250.exe
2456	Unicorn-60198.exe
2940	Unicorn-34799.exe
2824	Unicorn-1935.exe
2976	Unicorn-3981.exe
2592	Unicorn-35692.exe
2600	Unicorn-61158.exe
1060	Unicorn-48714.exe
832	Unicorn-49793.exe
2956	Unicorn-1412.exe
3052	Unicorn-13109.exe
3028	Unicorn-33530.exe
580	Unicorn-44884.exe
2692	Unicorn-64749.exe
2024	Unicorn-44884.exe
2172	Unicorn-9471.exe
1148	Unicorn-18930.exe
1524	Unicorn-45481.exe
2404	Unicorn-44527.exe
2432	Unicorn-12424.exe
660	Unicorn-38273.exe
2584	Unicorn-38251.exe
964	Unicorn-25912.exe
920	Unicorn-48225.exe
2060	Unicorn-34489.exe
2256	Unicorn-59783.exe
1632	Unicorn-19113.exe

Loads dropped DLL 64 IoCs

pid	Process
2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe
2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe
2552	Unicorn-706.exe
2552	Unicorn-706.exe
2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe
2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe
2840	Unicorn-47297.exe
2840	Unicorn-47297.exe
2932	Unicorn-43767.exe
2932	Unicorn-43767.exe
2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe
2552	Unicorn-706.exe
2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe
2552	Unicorn-706.exe
2636	Unicorn-19560.exe
2636	Unicorn-19560.exe
2840	Unicorn-47297.exe
2840	Unicorn-47297.exe
1048	Unicorn-58354.exe
2752	Unicorn-35896.exe
1048	Unicorn-58354.exe
2752	Unicorn-35896.exe
2552	Unicorn-706.exe
2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe
2552	Unicorn-706.exe
2716	Unicorn-44619.exe
2932	Unicorn-43767.exe
2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe
2932	Unicorn-43767.exe
2716	Unicorn-44619.exe
2084	Unicorn-12673.exe
2084	Unicorn-12673.exe
2636	Unicorn-19560.exe
2636	Unicorn-19560.exe
2180	Unicorn-62834.exe
2180	Unicorn-62834.exe
2092	Unicorn-32902.exe
2092	Unicorn-32902.exe
2716	Unicorn-44619.exe
2716	Unicorn-44619.exe
3040	Unicorn-26579.exe
3040	Unicorn-26579.exe
2752	Unicorn-35896.exe
2752	Unicorn-35896.exe
2252	Unicorn-37732.exe
2252	Unicorn-37732.exe
2064	Unicorn-12844.exe
2064	Unicorn-12844.exe
2552	Unicorn-706.exe
2552	Unicorn-706.exe
2840	Unicorn-47297.exe
2840	Unicorn-47297.exe
2932	Unicorn-43767.exe
1484	Unicorn-32902.exe
2932	Unicorn-43767.exe
1484	Unicorn-32902.exe
1048	Unicorn-58354.exe
1048	Unicorn-58354.exe
3064	Unicorn-32445.exe
3064	Unicorn-32445.exe
2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe
2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe
1612	Unicorn-51817.exe
1612	Unicorn-51817.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2004	2280	WerFault.exe	60
2088	2548	WerFault.exe	52
2652	2064	WerFault.exe	43
1636	2252	WerFault.exe	37
2000	1716	WerFault.exe	49
2788	952	WerFault.exe	50
2328	1160	WerFault.exe	46
1656	1484	WerFault.exe	38
572	2180	WerFault.exe	42
2680	2032	WerFault.exe	53
2260	920	WerFault.exe	94
2248	832	WerFault.exe	74
2108	1528	WerFault.exe	123
2188	2752	WerFault.exe	33
340	1372	WerFault.exe	57
1260	2852	WerFault.exe	170
3008	3064	WerFault.exe	41
3084	2124	WerFault.exe	62
3100	1772	WerFault.exe	58
3092	388	WerFault.exe	54
3132	2944	WerFault.exe	65
3124	2956	WerFault.exe	75
3288	1996	WerFault.exe	113
3680	2976	WerFault.exe	70
3696	2172	WerFault.exe	82
3732	660	WerFault.exe	88
3740	1740	WerFault.exe	61
3780	2824	WerFault.exe	69
3788	3028	WerFault.exe	77
3772	1708	WerFault.exe	63
3796	2024	WerFault.exe	81
3808	2516	WerFault.exe	51
3824	368	WerFault.exe	47
3876	2404	WerFault.exe	85
3884	1148	WerFault.exe	83
3688	2256	WerFault.exe	96
3612	3052	WerFault.exe	76
4044	2396	WerFault.exe	129
3188	2524	WerFault.exe	56
3556	1060	WerFault.exe	73
3992	1704	WerFault.exe	114
4708	2868	WerFault.exe	127
4340	580	WerFault.exe	80
4804	2060	WerFault.exe	95
4404	316	WerFault.exe	98
5036	2728	WerFault.exe	103
4928	2656	WerFault.exe	124
4992	2536	WerFault.exe	105
4816	924	WerFault.exe	118
5144	1524	WerFault.exe	84
5512	2152	WerFault.exe	110
5500	1632	WerFault.exe	97
5960	1048	WerFault.exe	34
6000	2940	WerFault.exe	68
6024	2424	WerFault.exe	45
6048	2312	WerFault.exe	101
6096	592	WerFault.exe	115
6072	1456	WerFault.exe	55
6104	2592	WerFault.exe	71
5000	2864	WerFault.exe	67
6136	2332	WerFault.exe	131
5600	2020	WerFault.exe	119
6368	2012	WerFault.exe	117
6732	2932	WerFault.exe	31

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6335.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15335.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32173.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12468.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe
2552	Unicorn-706.exe
2840	Unicorn-47297.exe
2932	Unicorn-43767.exe
2752	Unicorn-35896.exe
2636	Unicorn-19560.exe
1048	Unicorn-58354.exe
2716	Unicorn-44619.exe
2084	Unicorn-12673.exe
2252	Unicorn-37732.exe
3064	Unicorn-32445.exe
3040	Unicorn-26579.exe
2064	Unicorn-12844.exe
2092	Unicorn-32902.exe
2180	Unicorn-62834.exe
1484	Unicorn-32902.exe
1612	Unicorn-51817.exe
2424	Unicorn-38474.exe
1160	Unicorn-18652.exe
368	Unicorn-10291.exe
952	Unicorn-19014.exe
2080	Unicorn-60047.exe
2548	Unicorn-10099.exe
1456	Unicorn-33901.exe
2516	Unicorn-34796.exe
1716	Unicorn-42964.exe
2524	Unicorn-40032.exe
1772	Unicorn-15335.exe
2032	Unicorn-46591.exe
1372	Unicorn-61007.exe
388	Unicorn-52978.exe
1964	Unicorn-10489.exe
2280	Unicorn-59959.exe
1740	Unicorn-7229.exe
1708	Unicorn-17804.exe
2124	Unicorn-48631.exe
2288	Unicorn-44163.exe
2944	Unicorn-58122.exe
2940	Unicorn-34799.exe
2456	Unicorn-60198.exe
2864	Unicorn-23250.exe
2976	Unicorn-3981.exe
2824	Unicorn-1935.exe
2592	Unicorn-35692.exe
1060	Unicorn-48714.exe
2600	Unicorn-61158.exe
2024	Unicorn-44884.exe
2692	Unicorn-64749.exe
3028	Unicorn-33530.exe
832	Unicorn-49793.exe
3052	Unicorn-13109.exe
2956	Unicorn-1412.exe
580	Unicorn-44884.exe
2172	Unicorn-9471.exe
1148	Unicorn-18930.exe
1524	Unicorn-45481.exe
2432	Unicorn-12424.exe
660	Unicorn-38273.exe
2404	Unicorn-44527.exe
2584	Unicorn-38251.exe
1632	Unicorn-19113.exe
964	Unicorn-25912.exe
920	Unicorn-48225.exe
2060	Unicorn-34489.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2552	2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	29
PID 2660 wrote to memory of 2552	2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	29
PID 2660 wrote to memory of 2552	2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	29
PID 2660 wrote to memory of 2552	2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	29
PID 2552 wrote to memory of 2840	2552	Unicorn-706.exe	30
PID 2552 wrote to memory of 2840	2552	Unicorn-706.exe	30
PID 2552 wrote to memory of 2840	2552	Unicorn-706.exe	30
PID 2552 wrote to memory of 2840	2552	Unicorn-706.exe	30
PID 2660 wrote to memory of 2932	2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	31
PID 2660 wrote to memory of 2932	2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	31
PID 2660 wrote to memory of 2932	2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	31
PID 2660 wrote to memory of 2932	2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	31
PID 2840 wrote to memory of 2636	2840	Unicorn-47297.exe	32
PID 2840 wrote to memory of 2636	2840	Unicorn-47297.exe	32
PID 2840 wrote to memory of 2636	2840	Unicorn-47297.exe	32
PID 2840 wrote to memory of 2636	2840	Unicorn-47297.exe	32
PID 2932 wrote to memory of 2752	2932	Unicorn-43767.exe	33
PID 2932 wrote to memory of 2752	2932	Unicorn-43767.exe	33
PID 2932 wrote to memory of 2752	2932	Unicorn-43767.exe	33
PID 2932 wrote to memory of 2752	2932	Unicorn-43767.exe	33
PID 2660 wrote to memory of 1048	2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	34
PID 2660 wrote to memory of 1048	2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	34
PID 2660 wrote to memory of 1048	2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	34
PID 2660 wrote to memory of 1048	2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	34
PID 2552 wrote to memory of 2716	2552	Unicorn-706.exe	35
PID 2552 wrote to memory of 2716	2552	Unicorn-706.exe	35
PID 2552 wrote to memory of 2716	2552	Unicorn-706.exe	35
PID 2552 wrote to memory of 2716	2552	Unicorn-706.exe	35
PID 2636 wrote to memory of 2084	2636	Unicorn-19560.exe	36
PID 2636 wrote to memory of 2084	2636	Unicorn-19560.exe	36
PID 2636 wrote to memory of 2084	2636	Unicorn-19560.exe	36
PID 2636 wrote to memory of 2084	2636	Unicorn-19560.exe	36
PID 2840 wrote to memory of 2252	2840	Unicorn-47297.exe	37
PID 2840 wrote to memory of 2252	2840	Unicorn-47297.exe	37
PID 2840 wrote to memory of 2252	2840	Unicorn-47297.exe	37
PID 2840 wrote to memory of 2252	2840	Unicorn-47297.exe	37
PID 1048 wrote to memory of 1484	1048	Unicorn-58354.exe	38
PID 1048 wrote to memory of 1484	1048	Unicorn-58354.exe	38
PID 1048 wrote to memory of 1484	1048	Unicorn-58354.exe	38
PID 1048 wrote to memory of 1484	1048	Unicorn-58354.exe	38
PID 2752 wrote to memory of 2092	2752	Unicorn-35896.exe	39
PID 2752 wrote to memory of 2092	2752	Unicorn-35896.exe	39
PID 2752 wrote to memory of 2092	2752	Unicorn-35896.exe	39
PID 2752 wrote to memory of 2092	2752	Unicorn-35896.exe	39
PID 2552 wrote to memory of 3040	2552	Unicorn-706.exe	40
PID 2552 wrote to memory of 3040	2552	Unicorn-706.exe	40
PID 2552 wrote to memory of 3040	2552	Unicorn-706.exe	40
PID 2552 wrote to memory of 3040	2552	Unicorn-706.exe	40
PID 2660 wrote to memory of 3064	2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	41
PID 2660 wrote to memory of 3064	2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	41
PID 2660 wrote to memory of 3064	2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	41
PID 2660 wrote to memory of 3064	2660	dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe	41
PID 2932 wrote to memory of 2064	2932	Unicorn-43767.exe	43
PID 2932 wrote to memory of 2064	2932	Unicorn-43767.exe	43
PID 2932 wrote to memory of 2064	2932	Unicorn-43767.exe	43
PID 2932 wrote to memory of 2064	2932	Unicorn-43767.exe	43
PID 2716 wrote to memory of 2180	2716	Unicorn-44619.exe	42
PID 2716 wrote to memory of 2180	2716	Unicorn-44619.exe	42
PID 2716 wrote to memory of 2180	2716	Unicorn-44619.exe	42
PID 2716 wrote to memory of 2180	2716	Unicorn-44619.exe	42
PID 2084 wrote to memory of 1612	2084	Unicorn-12673.exe	44
PID 2084 wrote to memory of 1612	2084	Unicorn-12673.exe	44
PID 2084 wrote to memory of 1612	2084	Unicorn-12673.exe	44
PID 2084 wrote to memory of 1612	2084	Unicorn-12673.exe	44

C:\Users\Admin\AppData\Local\Temp\dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe
"C:\Users\Admin\AppData\Local\Temp\dfc26fe51876b8ab4bed181389f1d7bd1f2ebd36e4f37d834a03c4682d184933.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19560.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12673.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 244
        8⤵
        Program crash
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        8⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exe
        9⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
        8⤵
        Program crash
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
        7⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
        8⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
        8⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 216
        8⤵
        Program crash
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14155.exe
        7⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21843.exe
        7⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45598.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22630.exe
        7⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7229.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20446.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12468.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
        8⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20557.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11752.exe
        7⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63770.exe
        8⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 224
        8⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 224
        7⤵
        Program crash
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 220
        7⤵
        Program crash
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
        6⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
        7⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
        7⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        7⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52117.exe
        6⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36339.exe
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
        6⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15733.exe
        6⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        6⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
        6⤵
        
        PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38474.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48631.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12424.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
        8⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18333.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
        8⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41707.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        7⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39797.exe
        8⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        8⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        8⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
        8⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 244
        7⤵
        Program crash
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38251.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        7⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10668.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21845.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        7⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42074.exe
        7⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10152.exe
        7⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        7⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61777.exe
        6⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46963.exe
        7⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
        7⤵
        Program crash
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
        6⤵
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
        6⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
        6⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12440.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5344
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 248
        6⤵
        Program crash
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17804.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22957.exe
        6⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41892.exe
        7⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        7⤵
        
        PID:6512
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 248
        6⤵
        Program crash
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
        5⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10336.exe
        6⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36537.exe
        6⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9842.exe
        6⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46123.exe
        6⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29650.exe
        6⤵
        
        PID:5332
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 248
        6⤵
        
        PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12952.exe
        5⤵
        
        PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe
        5⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
        5⤵
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15738.exe
        5⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4552.exe
        5⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        5⤵
        
        PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37732.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34796.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38273.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59783.exe
        7⤵
        Executes dropped EXE
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        8⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 228
        8⤵
        Program crash
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40148.exe
        7⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
        8⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 228
        8⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 244
        7⤵
        Program crash
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19113.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49371.exe
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
        7⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12468.exe
        7⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        7⤵
        Program crash
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63396.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24472.exe
        7⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44874.exe
        7⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
        7⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48250.exe
        7⤵
        
        PID:1352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 248
        6⤵
        Program crash
        
        PID:3808
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 248
        5⤵
        Program crash
        
        PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52978.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        5⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21556.exe
        6⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62656.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32173.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        7⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44040.exe
        7⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18820.exe
        6⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57626.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48790.exe
        6⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
        6⤵
        
        PID:5304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 248
        6⤵
        Program crash
        
        PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31430.exe
        5⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19793.exe
        6⤵
        
        PID:5352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 228
        6⤵
        Program crash
        
        PID:6368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 244
        5⤵
        Program crash
        
        PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
      4⤵
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63631.exe
        5⤵
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61680.exe
        6⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
        6⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
        6⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-264.exe
        6⤵
        
        PID:4848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 244
        6⤵
        Program crash
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
        5⤵
        
        PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60968.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52023.exe
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        5⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25538.exe
        5⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
        5⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27249.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63912.exe
      4⤵
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63225.exe
        5⤵
        
        PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
        5⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
        5⤵
        
        PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40494.exe
      4⤵
      PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28766.exe
      4⤵
      PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7697.exe
      4⤵
      PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62637.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
      4⤵
      PID:6676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24905.exe
      4⤵
      PID:6620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44619.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62834.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33476.exe
        7⤵
        
        PID:456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 248
        7⤵
        Program crash
        
        PID:3612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 236
        6⤵
        Program crash
        
        PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44884.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58639.exe
        6⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
        6⤵
        
        PID:4088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 244
        6⤵
        Program crash
        
        PID:4340
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 244
        5⤵
        Program crash
        
        PID:572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60047.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24841.exe
        6⤵
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28737.exe
        6⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1530.exe
        6⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
        6⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
        6⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41904.exe
        6⤵
        
        PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
        5⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        6⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58084.exe
        6⤵
        
        PID:4644
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 220
        6⤵
        Program crash
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20555.exe
        5⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62147.exe
        5⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1592.exe
        5⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27965.exe
        5⤵
        
        PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
        5⤵
        
        PID:6776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18930.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1148
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 244
        5⤵
        Program crash
        
        PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30419.exe
      4⤵
      PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34286.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        5⤵
        
        PID:4184
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 220
        5⤵
        Program crash
        
        PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5490.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
      4⤵
      PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
      4⤵
      PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36877.exe
      4⤵
      PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40263.exe
      4⤵
      PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43106.exe
      4⤵
      PID:6644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1716
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        5⤵
        Program crash
        
        PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37342.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
        5⤵
        
        PID:4068
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 244
        5⤵
        Program crash
        
        PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41824.exe
      4⤵
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
        5⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe
        5⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
        5⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50039.exe
        5⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        5⤵
        
        PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60782.exe
      4⤵
      PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
      4⤵
      PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58395.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50357.exe
      4⤵
      PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21068.exe
      4⤵
      PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
      4⤵
      PID:7124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11610.exe
      4⤵
      PID:6548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46591.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45481.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52469.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56412.exe
        6⤵
        
        PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41181.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        5⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55007.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5088
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 244
        5⤵
        Program crash
        
        PID:5144
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 248
      4⤵
      Program crash
      PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44527.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2404
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 224
      4⤵
      Program crash
      PID:3876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
    3⤵
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59688.exe
      4⤵
      PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
      4⤵
      PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe
      4⤵
      PID:5900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
      4⤵
      PID:6200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17248.exe
      4⤵
      PID:6556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6020.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26472.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38075.exe
    3⤵
    PID:4492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35742.exe
    3⤵
    PID:5804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
    3⤵
    PID:6032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43767.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43767.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10291.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44163.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63483.exe
        7⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43678.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        9⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18715.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51766.exe
        9⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36106.exe
        9⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41181.exe
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        8⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 248
        8⤵
        Program crash
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
        8⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40609.exe
        8⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46342.exe
        7⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
        7⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
        7⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        7⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        6⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        7⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
        7⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35374.exe
        7⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62166.exe
        7⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
        6⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
        7⤵
        
        PID:6824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 368 -s 248
        6⤵
        Program crash
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58122.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56688.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-440.exe
        7⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52567.exe
        7⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
        7⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19235.exe
        7⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32430.exe
        7⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        7⤵
        
        PID:6872
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 228
        6⤵
        Program crash
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35127.exe
        5⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        6⤵
        
        PID:4460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 216
        6⤵
        Program crash
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe
        5⤵
        
        PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        5⤵
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe
        5⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64381.exe
        5⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        5⤵
        
        PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-352.exe
        5⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26114.exe
        5⤵
        
        PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23250.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11903.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62878.exe
        6⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51172.exe
        6⤵
        
        PID:5020
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 244
        6⤵
        Program crash
        
        PID:5000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 248
        5⤵
        Program crash
        
        PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1935.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11628.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        6⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
        6⤵
        
        PID:6596
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 248
        5⤵
        Program crash
        
        PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20379.exe
      4⤵
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58790.exe
        5⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
        5⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
        5⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
        5⤵
        
        PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
        5⤵
        
        PID:6604
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 244
      4⤵
      Program crash
      PID:2188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10099.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2548
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 224
        5⤵
        Program crash
        
        PID:2088
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
      4⤵
      Program crash
      PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        5⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        6⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        6⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51774.exe
        6⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1368.exe
        6⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        6⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38199.exe
        6⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        5⤵
        
        PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23443.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        5⤵
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43109.exe
        5⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
        5⤵
        
        PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35905.exe
        5⤵
        
        PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16668.exe
        5⤵
        
        PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59059.exe
      4⤵
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
        5⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5526.exe
        5⤵
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        5⤵
        
        PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57631.exe
        5⤵
        
        PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27440.exe
        5⤵
        
        PID:6940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32555.exe
      4⤵
      PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
      4⤵
      PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40125.exe
      4⤵
      PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
      4⤵
      PID:5336
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 244
      4⤵
      Program crash
      PID:6072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:832
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 224
      4⤵
      Program crash
      PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
    3⤵
    PID:592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31567.exe
      4⤵
      PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
      4⤵
      PID:5132
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 220
      4⤵
      Program crash
      PID:6096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54492.exe
    3⤵
    PID:3164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48003.exe
    3⤵
    PID:3572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
    3⤵
    PID:4528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23374.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23374.exe
    3⤵
    PID:5856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7515.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5380
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 244
    3⤵
    - Program crash
    PID:6732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35749.exe
        6⤵
        
        PID:1652
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 228
        6⤵
        Program crash
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10818.exe
        5⤵
        
        PID:1528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 244
        6⤵
        Program crash
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43765.exe
        5⤵
        
        PID:2308
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 228
        5⤵
        Program crash
        
        PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44884.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
        5⤵
        
        PID:2908
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 248
        5⤵
        Program crash
        
        PID:3796
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 244
      4⤵
      Program crash
      PID:1656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61007.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
        5⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38831.exe
        6⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36833.exe
        6⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27901.exe
        6⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48966.exe
        6⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10905.exe
        6⤵
        
        PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60092.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42105.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29221.exe
        5⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4785.exe
        5⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50064.exe
        5⤵
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49496.exe
        5⤵
        
        PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6440.exe
        5⤵
        
        PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
      4⤵
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
        5⤵
        
        PID:4744
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 248
        5⤵
        Program crash
        
        PID:5036
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 244
      4⤵
      Program crash
      PID:340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34799.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34799.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21883.exe
      4⤵
      PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47233.exe
      4⤵
      PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46158.exe
      4⤵
      PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
      4⤵
      PID:4628
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 220
      4⤵
      Program crash
      PID:6000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
    3⤵
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33134.exe
      4⤵
      PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
      4⤵
      PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
      4⤵
      PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40921.exe
      4⤵
      PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28353.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6920
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 228
      4⤵
      PID:6932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
    3⤵
    PID:2240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53968.exe
    3⤵
    PID:3560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42850.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5208
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
    3⤵
    - Program crash
    PID:5960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48714.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        5⤵
        
        PID:3228
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 228
        5⤵
        Program crash
        
        PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
      4⤵
      PID:1996
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 224
        5⤵
        Program crash
        
        PID:3288
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 244
      4⤵
      Program crash
      PID:3100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1412.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
      4⤵
      PID:2868
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 220
        5⤵
        Program crash
        
        PID:4708
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 248
      4⤵
      Program crash
      PID:3124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7065.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3216
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 228
      4⤵
      Program crash
      PID:3992
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 248
    3⤵
    - Program crash
    PID:3008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10489.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10489.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3981.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31665.exe
      4⤵
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        5⤵
        
        PID:6248
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
      4⤵
      Program crash
      PID:3680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26879.exe
    3⤵
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
      4⤵
      PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29189.exe
      4⤵
      PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14710.exe
      4⤵
      PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50739.exe
      4⤵
      PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26687.exe
      4⤵
      PID:6304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31714.exe
      4⤵
      PID:7164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
    3⤵
    PID:3552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52377.exe
    3⤵
    PID:4624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47315.exe
    3⤵
    PID:5188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42604.exe
    3⤵
    PID:6060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5687.exe
    3⤵
    PID:6292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
    3⤵
    PID:7088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35692.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35692.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe
    3⤵
    PID:2852
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 148
      4⤵
      Program crash
      PID:1260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43891.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43891.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42925.exe
    3⤵
    PID:4772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5312
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 244
    3⤵
    - Program crash
    PID:6104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
    3⤵
    PID:4784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64270.exe
    3⤵
    PID:5024
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 220
    3⤵
    - Program crash
    PID:5512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8755.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8755.exe
  2⤵
  PID:1220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8947.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8947.exe
  2⤵
  PID:3372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
  2⤵
  PID:4908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
  2⤵
  PID:5448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27094.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27094.exe
  2⤵
  PID:5260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39553.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39553.exe
  2⤵
  PID:6284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
  2⤵
  PID:7004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe

Filesize
468KB

MD5
bd014faf5cf4b054968730bdc97eb632

SHA1
ef486b3faad647cc654029cc2a52740ce4a7615f

SHA256
cc0d08f8ff2e24877930be93b3df10abab5a9d879a655a1e9137e5732944e27f

SHA512
c277139b5d21f2885cfd9aa4d923eee9d8076c3c3061486ad17b7bb2cbe24ff633080ca92ec96a1f5fa617d271f2ae8a9f73b8e876fae22ba05d3af7321566c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe

Filesize
468KB

MD5
583d15a51db8d48970dfd2afa57c9f8a

SHA1
76f143e390dd8a39bfe30be3caf944683b47daa9

SHA256
544ff5faacc662ccb8458e92fab8fbcb8d041d14cdbaae6b8b1ed6262d7c07f0

SHA512
958e43444a99cfb663dcb9addcf712d6aef76f491f290809d27a63becc8c3a6037ef3f759ef543851f4ee51087c90d8d9788bd795ae68ed8aa6af11033088535

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe

Filesize
468KB

MD5
1d9c606dba3029f0e9672d80b53faa80

SHA1
aa35ff69e0967963160ab8aaa9726af383135ce0

SHA256
b4fa87061cca6148f8d141b6e04484b81cb59f30a0d2aa6661019937bd6483da

SHA512
7381a36ef46b66e44c9b4929646277dd6582efbfc2bffc321d2088f550bae90a4660e19b6e20856df5011640bbe63d858d5fe76146bb41226eee3c8a2265b55b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe

Filesize
468KB

MD5
7f34558a12e6a22e7e0bc017cd3e452c

SHA1
f63af37daecf00bd06f41e92d714104951e89450

SHA256
0c33e14f48e221bccb51e8c3ed65e6394bb9dfa69d36955b65ea1f7645e2e64e

SHA512
c3889fccef4ee11e149e00f9e49f3e2f51174d6fa6f91f76b24224b2900a04ce9885227381dcfad8e4efe8a366034e5cfe5072880b0e552b4a0d32cc995d77a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12673.exe

Filesize
468KB

MD5
a3bd896c22b087a3d19b91f5e77550d2

SHA1
49d3d758104f020e2c385ee24d7817c4dabd6adf

SHA256
199557715ee7b9b710c94af7ee01792b2a9c982092dada912c1f575eb174a2ae

SHA512
82f151fab0afa321f8bb1ad9ed3219a461783a8ab3e1baa46844aa56785f42b3124dcd9eb91627bcc79f594efde8312ebd381937c9cc0a0e1fdaa01d1d888ff3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe

Filesize
468KB

MD5
ecb64225b03bb8db3cb655301d2a8e93

SHA1
11d550a6ecc2c7321791a6a253b583f1669f9fb9

SHA256
cd2abcde080fe78ea55788e13d3595613046d4e2f68831e5db2d154baff9c6bd

SHA512
e999b3eb16de84ab8e0c0c633b094870fb8d7d72c96905ac983be81fd3c5b7f2344690485c913b6f7bcbf296882a2f0458fa3465562a02d75f517b61a1288370

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19560.exe

Filesize
468KB

MD5
fcce24920ae3014e5267cf5c1c7b0a09

SHA1
14497b5b33e2458b76c1aa3f60031a22216b1453

SHA256
a3e9f009457e75e7b4043205f4d698bf78c53db87cf74829c812d9a8091f1176

SHA512
85fd28b1a852bc4b3535c8eeef2eb1aa1cb328088f23892517b234ab0252b4fc5d4a56652f5dd0af70605a7e60a5eee6e30f6965a3f5d6337c29a71eeaa022fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe

Filesize
468KB

MD5
9d887e76b9364b4521d0f24f43463be8

SHA1
64679739124731d0d578eaef257efddc2c0293f0

SHA256
dfb1aed9bc34493bb3a86798cc9f1a8db87d75ff2314727b6831d51e69633fc0

SHA512
5d4fcae80e6bce925e87adaff44cbdba88101485de9475f54692c351b1ad71d570f9e262060da92caa283b97ce52c9793d7dc3a5c3f37b1613ddb0b635106b0b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe

Filesize
468KB

MD5
b96de0dfb04a3ba12e2ca96c01792a3a

SHA1
185aeeca31490a0feb4834113095404c4fccdd1e

SHA256
f7481dfe54481e12cd7e65422a7638bb52872e474cd378cbc65c9353a2697446

SHA512
1801e232332b671e7dde6b75ff1176402be28e4821a498fd3ee013fb20acec9809a9e85f8afc1bb06f9b38ed08d64b37020abb7d4662a6222d3c46a32885570f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37732.exe

Filesize
468KB

MD5
f094c6b0310f055e83c3fad0e8882b55

SHA1
615e7e53e35e6049738416cb41cf4529aad0c790

SHA256
105f51d252857728ccd1879d1cd999065461d7ee2d5b617b955c5c43f2284137

SHA512
f183b3f70cc4cf6f54454684835554f8f05fd2a646488a857f9d5919019ddcf8553a97b0904f2d9234ec0c08070f0dd7016d4328cfadcb2524a5f416452fc9b8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38474.exe

Filesize
468KB

MD5
a976a8bd12b70397034710539cf14e22

SHA1
f2bf1fa3992dc0402b00d0bdd4f464e266970ee9

SHA256
3e1edf6767dcc5234528a29cf75fb148a276c140a36440f3c6e5a60c91f3cb45

SHA512
e281710bbc63a643b7065f172c6032163f07da41de90af32eed987a505b9723b1cde7c680a6715d8478eab5c3bd7b457a3e501d081de291b3e771520e9cd4e18

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43767.exe

Filesize
468KB

MD5
7c16334842ae8bcdc68071b63def4393

SHA1
e321f24da4b5b21ed6f336ccce8ae24470b1dcef

SHA256
2dc4ae570110e4fb1c8d8189b0a515d937ebfce57b9282becd81bed349fc02e2

SHA512
032338737f29bfc7a689fdeb1c84e67baabfdb78e2b62bc7082ca85632e8804791376c7427487f20c32b2fc3366be857fd54bc75a9aae7209c2203fd368186c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44619.exe

Filesize
468KB

MD5
be607c8e685d55ac9841515705534438

SHA1
6e00c4c65aae1b47c6ba4dc759e4df1d28f64e02

SHA256
1d6a2d1460274198a4b312d865a8975b1f41a29d87072afaecb80e4a1fdd14f2

SHA512
b703cae1bcbcee03eab9c193a237f35d6ec3b9af87f5f5e1db5f611b83e2c35926d9a3554839f826a2591e370e7c20efcdeccc0cbe751f82d6b3afb74abff0ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47297.exe

Filesize
468KB

MD5
5421155a71bce437ba459d160e9ee205

SHA1
c92040e3273ef97bec0e3887518e87a8acabcd4f

SHA256
d5bc9c5ba32f2b69fa124b40dc717bc0860720219ef7d962572682e452c06f60

SHA512
c2fa74a32effcf7152d2d44724049225f36f1c0d8e5366b6c68aa5ae471b857fd4f3ee19876ed2febe17acb69908b336de47b5b04ab6cb71de9deee02c0ba873

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe

Filesize
468KB

MD5
5c9241d167b519d22c1a36b3b2f28be9

SHA1
fbf520bd038179f00cb570e64bf70e24c8591c76

SHA256
fe1bfb1da9e8a30ffd487d313f590a061fde264b7bab647b2110331ed6a0bf2d

SHA512
12f0491c1eebaba0e9c7ff5d5d1e3caf7bca67317ec2ef5f16901c13a45c0d4b6b5755b8caef07b05a989d5e344ad5c22481331d2d3003d4b9fa3f1b77a21747

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe

Filesize
468KB

MD5
f5926cbb29d98337daecfc479a412838

SHA1
a5c7140aa438fb7bde17acb160b53b99b59d0fdc

SHA256
916be903b823e9dc413aaf8120e71233fe7d4f457e79d845752a3bf1d9859cc8

SHA512
b75181838fba60f2745bc90c7880d87bc38ce2f4ec4b8c8f386422d11da000aa04cb32c1ed518232ec97c9ba04130c338ca35ac0359eb300ef40016d58b8027a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62834.exe

Filesize
468KB

MD5
210fdc4990e05644839e77f5d8e10c92

SHA1
58128adafdf5138f1c9e8fb9f0d4f3b270281b9c

SHA256
74066a0f8551f9afa5729c8586ea1e7c556a3b04fe37a46b74ade42aee2bf3f3

SHA512
2befff37dda34c73e614fb690d16b7e8bc4ed318d9de52d7f34e3271b871868b7b3d177c97c601b34177e3e6994ddf9b4a94a6eee98e2169bed781d19d1b80df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-706.exe

Filesize
468KB

MD5
27672c71e82f6c070385c52cf67a8594

SHA1
1293d168a451aa9a6f5f3b0bf8d6fbe3ec1ec3bc

SHA256
b04e392e49b3b60ce07e2012ba852327c13c0cc34452df430118f8972aaf7b14

SHA512
4301c8cf06f839a8e77614dd930089174ccfb6e1588f2b379c092e0aa04907d044cfe3856660175730d4628dc4c5f9d04a54e98f38b196b15088e8ded9023b05

Download Submit