a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019e

Analysis

max time kernel
119s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 05:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe
Size

468KB
MD5

8b30eb1ad54313026ad85b6fe2e94e20
SHA1

422d7f8f932369765cf0ea6c3295d6a4eaca9a19
SHA256

a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019e
SHA512

a70f5a76df9e167ab70f3b50815885d4d392f867a39647f2db9f1ebf5573cf75ca6ebb241e9943ea0a7f6cb66a39fe4810f37415d057fe9f79355eb8004975cd
SSDEEP

3072:SG3HogIKIE5TtIYeHz/Ocf6/zChaP0pkFVHMTVP6tCq3ER5gj8lh:SG3oDMTtoHrOcfUYD8tCwE5gj

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2744	Unicorn-33608.exe
2540	Unicorn-63574.exe
2892	Unicorn-60045.exe
2796	Unicorn-63351.exe
2844	Unicorn-18789.exe
1144	Unicorn-16188.exe
2836	Unicorn-38655.exe
2292	Unicorn-23528.exe
1432	Unicorn-34326.exe
584	Unicorn-15389.exe
2448	Unicorn-48032.exe
3020	Unicorn-28619.exe
3040	Unicorn-20643.exe
1216	Unicorn-20377.exe
2980	Unicorn-777.exe
1372	Unicorn-11099.exe
1016	Unicorn-60684.exe
2108	Unicorn-10913.exe
2152	Unicorn-44156.exe
2216	Unicorn-4393.exe
2560	Unicorn-34836.exe
2372	Unicorn-10523.exe
1056	Unicorn-20537.exe
280	Unicorn-56195.exe
2044	Unicorn-56387.exe
3064	Unicorn-45500.exe
1812	Unicorn-4467.exe
1724	Unicorn-41477.exe
1748	Unicorn-61078.exe
612	Unicorn-35495.exe
2028	Unicorn-23797.exe
1844	Unicorn-28453.exe
868	Unicorn-63180.exe
1608	Unicorn-60160.exe
2920	Unicorn-59968.exe
2104	Unicorn-52686.exe
2908	Unicorn-31358.exe
2876	Unicorn-47695.exe
2828	Unicorn-44291.exe
3060	Unicorn-59865.exe
2668	Unicorn-13464.exe
2684	Unicorn-26803.exe
2732	Unicorn-56522.exe
2156	Unicorn-53729.exe
2244	Unicorn-12770.exe
2652	Unicorn-53730.exe
3032	Unicorn-3917.exe
1964	Unicorn-40076.exe
896	Unicorn-44182.exe
760	Unicorn-30668.exe
2400	Unicorn-21239.exe
2208	Unicorn-18412.exe
2388	Unicorn-43300.exe
2392	Unicorn-14498.exe
1796	Unicorn-17725.exe
2176	Unicorn-29276.exe
552	Unicorn-16077.exe
920	Unicorn-6875.exe
1564	Unicorn-32771.exe
1152	Unicorn-35401.exe
2436	Unicorn-6450.exe
2404	Unicorn-51930.exe
1428	Unicorn-54499.exe
2596	Unicorn-62667.exe

Loads dropped DLL 64 IoCs

pid	Process
572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe
572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe
2744	Unicorn-33608.exe
572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe
2744	Unicorn-33608.exe
572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe
2540	Unicorn-63574.exe
2540	Unicorn-63574.exe
2744	Unicorn-33608.exe
2744	Unicorn-33608.exe
572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe
2892	Unicorn-60045.exe
2892	Unicorn-60045.exe
572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe
2796	Unicorn-63351.exe
2796	Unicorn-63351.exe
2540	Unicorn-63574.exe
2540	Unicorn-63574.exe
2844	Unicorn-18789.exe
2744	Unicorn-33608.exe
2744	Unicorn-33608.exe
2844	Unicorn-18789.exe
1144	Unicorn-16188.exe
1144	Unicorn-16188.exe
2836	Unicorn-38655.exe
2836	Unicorn-38655.exe
572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe
572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe
2892	Unicorn-60045.exe
2892	Unicorn-60045.exe
1216	Unicorn-20377.exe
1432	Unicorn-34326.exe
1216	Unicorn-20377.exe
1432	Unicorn-34326.exe
572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe
2292	Unicorn-23528.exe
572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe
2980	Unicorn-777.exe
2980	Unicorn-777.exe
2292	Unicorn-23528.exe
2540	Unicorn-63574.exe
2540	Unicorn-63574.exe
2892	Unicorn-60045.exe
2892	Unicorn-60045.exe
3040	Unicorn-20643.exe
3040	Unicorn-20643.exe
2796	Unicorn-63351.exe
2796	Unicorn-63351.exe
2836	Unicorn-38655.exe
2836	Unicorn-38655.exe
3020	Unicorn-28619.exe
3020	Unicorn-28619.exe
584	Unicorn-15389.exe
584	Unicorn-15389.exe
1144	Unicorn-16188.exe
1144	Unicorn-16188.exe
2744	Unicorn-33608.exe
2744	Unicorn-33608.exe
2448	Unicorn-48032.exe
2448	Unicorn-48032.exe
2844	Unicorn-18789.exe
2844	Unicorn-18789.exe
1016	Unicorn-60684.exe
1016	Unicorn-60684.exe

Program crash 51 IoCs

pid	pid_target	Process	procid_target
1592	1844	WerFault.exe	60
1856	612	WerFault.exe	58
2660	1748	WerFault.exe	57
2272	1812	WerFault.exe	55
1664	2152	WerFault.exe	47
2112	2108	WerFault.exe	46
2964	2652	WerFault.exe	78
2620	896	WerFault.exe	81
2916	1056	WerFault.exe	50
2948	1988	WerFault.exe	111
936	3020	WerFault.exe	40
2344	1732	WerFault.exe	142
2976	2352	WerFault.exe	144
820	2732	WerFault.exe	75
1504	2448	WerFault.exe	38
3440	2156	WerFault.exe	76
3464	2736	WerFault.exe	102
3772	2176	WerFault.exe	90
3204	2436	WerFault.exe	95
4032	3064	WerFault.exe	54
3980	1428	WerFault.exe	97
3272	584	WerFault.exe	39
3248	3060	WerFault.exe	71
3520	2388	WerFault.exe	87
3568	2372	WerFault.exe	48
3676	2668	WerFault.exe	73
3484	2596	WerFault.exe	98
3716	2400	WerFault.exe	84
3764	1964	WerFault.exe	80
4144	2920	WerFault.exe	65
4184	1372	WerFault.exe	44
4220	2492	WerFault.exe	125
4212	1060	WerFault.exe	130
4196	1808	WerFault.exe	141
4280	2208	WerFault.exe	86
4272	1564	WerFault.exe	93
4300	1724	WerFault.exe	56
4264	2876	WerFault.exe	68
4720	2232	WerFault.exe	110
4916	2216	WerFault.exe	49
4908	2540	WerFault.exe	30
4928	996	WerFault.exe	137
4960	2244	WerFault.exe	77
4340	280	WerFault.exe	52
4332	2392	WerFault.exe	88
5928	760	WerFault.exe	83
6016	2504	WerFault.exe	133
5948	2404	WerFault.exe	96
5340	2684	WerFault.exe	74
5840	2456	WerFault.exe	116
6000	580	WerFault.exe	104

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11099.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35401.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64756.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63351.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12558.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52296.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48032.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35495.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe
2744	Unicorn-33608.exe
2540	Unicorn-63574.exe
2892	Unicorn-60045.exe
2796	Unicorn-63351.exe
2844	Unicorn-18789.exe
1144	Unicorn-16188.exe
2836	Unicorn-38655.exe
2292	Unicorn-23528.exe
1432	Unicorn-34326.exe
584	Unicorn-15389.exe
2448	Unicorn-48032.exe
1216	Unicorn-20377.exe
2980	Unicorn-777.exe
3040	Unicorn-20643.exe
3020	Unicorn-28619.exe
1016	Unicorn-60684.exe
1372	Unicorn-11099.exe
2560	Unicorn-34836.exe
2216	Unicorn-4393.exe
2152	Unicorn-44156.exe
2108	Unicorn-10913.exe
2372	Unicorn-10523.exe
1056	Unicorn-20537.exe
280	Unicorn-56195.exe
1812	Unicorn-4467.exe
1724	Unicorn-41477.exe
2044	Unicorn-56387.exe
1748	Unicorn-61078.exe
2028	Unicorn-23797.exe
612	Unicorn-35495.exe
3064	Unicorn-45500.exe
1844	Unicorn-28453.exe
868	Unicorn-63180.exe
1608	Unicorn-60160.exe
2920	Unicorn-59968.exe
2104	Unicorn-52686.exe
2876	Unicorn-47695.exe
2908	Unicorn-31358.exe
2828	Unicorn-44291.exe
2668	Unicorn-13464.exe
2684	Unicorn-26803.exe
3060	Unicorn-59865.exe
2732	Unicorn-56522.exe
2156	Unicorn-53729.exe
2244	Unicorn-12770.exe
2652	Unicorn-53730.exe
3032	Unicorn-3917.exe
896	Unicorn-44182.exe
1964	Unicorn-40076.exe
760	Unicorn-30668.exe
2208	Unicorn-18412.exe
2400	Unicorn-21239.exe
2388	Unicorn-43300.exe
2392	Unicorn-14498.exe
1796	Unicorn-17725.exe
2176	Unicorn-29276.exe
552	Unicorn-16077.exe
920	Unicorn-6875.exe
1564	Unicorn-32771.exe
1152	Unicorn-35401.exe
2404	Unicorn-51930.exe
2436	Unicorn-6450.exe
1428	Unicorn-54499.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 572 wrote to memory of 2744	572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe	29
PID 572 wrote to memory of 2744	572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe	29
PID 572 wrote to memory of 2744	572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe	29
PID 572 wrote to memory of 2744	572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe	29
PID 2744 wrote to memory of 2540	2744	Unicorn-33608.exe	30
PID 2744 wrote to memory of 2540	2744	Unicorn-33608.exe	30
PID 2744 wrote to memory of 2540	2744	Unicorn-33608.exe	30
PID 2744 wrote to memory of 2540	2744	Unicorn-33608.exe	30
PID 572 wrote to memory of 2892	572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe	31
PID 572 wrote to memory of 2892	572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe	31
PID 572 wrote to memory of 2892	572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe	31
PID 572 wrote to memory of 2892	572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe	31
PID 2540 wrote to memory of 2796	2540	Unicorn-63574.exe	32
PID 2540 wrote to memory of 2796	2540	Unicorn-63574.exe	32
PID 2540 wrote to memory of 2796	2540	Unicorn-63574.exe	32
PID 2540 wrote to memory of 2796	2540	Unicorn-63574.exe	32
PID 2744 wrote to memory of 2844	2744	Unicorn-33608.exe	33
PID 2744 wrote to memory of 2844	2744	Unicorn-33608.exe	33
PID 2744 wrote to memory of 2844	2744	Unicorn-33608.exe	33
PID 2744 wrote to memory of 2844	2744	Unicorn-33608.exe	33
PID 2892 wrote to memory of 2836	2892	Unicorn-60045.exe	34
PID 2892 wrote to memory of 2836	2892	Unicorn-60045.exe	34
PID 2892 wrote to memory of 2836	2892	Unicorn-60045.exe	34
PID 2892 wrote to memory of 2836	2892	Unicorn-60045.exe	34
PID 572 wrote to memory of 1144	572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe	35
PID 572 wrote to memory of 1144	572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe	35
PID 572 wrote to memory of 1144	572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe	35
PID 572 wrote to memory of 1144	572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe	35
PID 2796 wrote to memory of 2292	2796	Unicorn-63351.exe	36
PID 2796 wrote to memory of 2292	2796	Unicorn-63351.exe	36
PID 2796 wrote to memory of 2292	2796	Unicorn-63351.exe	36
PID 2796 wrote to memory of 2292	2796	Unicorn-63351.exe	36
PID 2540 wrote to memory of 1432	2540	Unicorn-63574.exe	37
PID 2540 wrote to memory of 1432	2540	Unicorn-63574.exe	37
PID 2540 wrote to memory of 1432	2540	Unicorn-63574.exe	37
PID 2540 wrote to memory of 1432	2540	Unicorn-63574.exe	37
PID 2744 wrote to memory of 584	2744	Unicorn-33608.exe	39
PID 2744 wrote to memory of 584	2744	Unicorn-33608.exe	39
PID 2744 wrote to memory of 584	2744	Unicorn-33608.exe	39
PID 2744 wrote to memory of 584	2744	Unicorn-33608.exe	39
PID 2844 wrote to memory of 2448	2844	Unicorn-18789.exe	38
PID 2844 wrote to memory of 2448	2844	Unicorn-18789.exe	38
PID 2844 wrote to memory of 2448	2844	Unicorn-18789.exe	38
PID 2844 wrote to memory of 2448	2844	Unicorn-18789.exe	38
PID 1144 wrote to memory of 3020	1144	Unicorn-16188.exe	40
PID 1144 wrote to memory of 3020	1144	Unicorn-16188.exe	40
PID 1144 wrote to memory of 3020	1144	Unicorn-16188.exe	40
PID 1144 wrote to memory of 3020	1144	Unicorn-16188.exe	40
PID 2836 wrote to memory of 3040	2836	Unicorn-38655.exe	41
PID 2836 wrote to memory of 3040	2836	Unicorn-38655.exe	41
PID 2836 wrote to memory of 3040	2836	Unicorn-38655.exe	41
PID 2836 wrote to memory of 3040	2836	Unicorn-38655.exe	41
PID 572 wrote to memory of 1216	572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe	42
PID 572 wrote to memory of 1216	572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe	42
PID 572 wrote to memory of 1216	572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe	42
PID 572 wrote to memory of 1216	572	a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe	42
PID 2892 wrote to memory of 2980	2892	Unicorn-60045.exe	43
PID 2892 wrote to memory of 2980	2892	Unicorn-60045.exe	43
PID 2892 wrote to memory of 2980	2892	Unicorn-60045.exe	43
PID 2892 wrote to memory of 2980	2892	Unicorn-60045.exe	43
PID 1216 wrote to memory of 1372	1216	Unicorn-20377.exe	44
PID 1216 wrote to memory of 1372	1216	Unicorn-20377.exe	44
PID 1216 wrote to memory of 1372	1216	Unicorn-20377.exe	44
PID 1216 wrote to memory of 1372	1216	Unicorn-20377.exe	44

C:\Users\Admin\AppData\Local\Temp\a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe
"C:\Users\Admin\AppData\Local\Temp\a07fc5a3085d5db7e3bdb2b14e739ad0c8e54944c79665e6d0a3420157d5019eN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:572
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33608.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33608.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23528.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 244
        7⤵
        Program crash
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30668.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62667.exe
        7⤵
        Executes dropped EXE
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
        8⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        8⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 220
        8⤵
        Program crash
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        7⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24921.exe
        7⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29887.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 248
        7⤵
        Program crash
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57772.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59498.exe
        7⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
        7⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9578.exe
        7⤵
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2272.exe
        6⤵
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
        6⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29018.exe
        6⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
        6⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56195.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43300.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31212.exe
        7⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
        8⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        8⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
        8⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
        8⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        7⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 220
        7⤵
        Program crash
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
        6⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 224
        7⤵
        Program crash
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27365.exe
        6⤵
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30123.exe
        6⤵
        
        PID:3612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 244
        6⤵
        Program crash
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29276.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
        6⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
        7⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
        7⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        7⤵
        
        PID:5592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
        6⤵
        Program crash
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51860.exe
        5⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18082.exe
        6⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31335.exe
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56283.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
        5⤵
        
        PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21258.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
        5⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        5⤵
        
        PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34326.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28453.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 188
        7⤵
        Program crash
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43076.exe
        6⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47428.exe
        7⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32129.exe
        7⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 224
        7⤵
        Program crash
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65450.exe
        6⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62634.exe
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        6⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        6⤵
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60790.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6808.exe
        6⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        7⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58273.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13979.exe
        6⤵
        
        PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25950.exe
        5⤵
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18337.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53565.exe
        6⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
        6⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
        6⤵
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3590.exe
        5⤵
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41816.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
        5⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
        5⤵
        
        PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4393.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12770.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13546.exe
        7⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        7⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
        6⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33691.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 248
        6⤵
        Program crash
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        5⤵
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46717.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12895.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12295.exe
        5⤵
        
        PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39557.exe
        5⤵
        
        PID:4076
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
        5⤵
        Program crash
        
        PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53730.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2652
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        5⤵
        Program crash
        
        PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40639.exe
      4⤵
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42923.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32357.exe
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53457.exe
        5⤵
        
        PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        5⤵
        
        PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
      4⤵
      PID:804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
      4⤵
      PID:3192
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 248
      4⤵
      Program crash
      PID:4908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18789.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35495.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 240
        6⤵
        Program crash
        
        PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31358.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35405.exe
        6⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
        7⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13630.exe
        6⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24257.exe
        6⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63146.exe
        6⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44108.exe
        6⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16392.exe
        6⤵
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        5⤵
        
        PID:1064
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
        5⤵
        Program crash
        
        PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        6⤵
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
        6⤵
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
        6⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46286.exe
        6⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43065.exe
        6⤵
        
        PID:5904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 248
        6⤵
        Program crash
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        5⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        6⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        6⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
        5⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34095.exe
        5⤵
        
        PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
        5⤵
        
        PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53729.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        5⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33332.exe
        6⤵
        
        PID:5980
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
        5⤵
        Program crash
        
        PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
      4⤵
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12773.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55433.exe
        5⤵
        
        PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15608.exe
      4⤵
      PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
      4⤵
      PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24154.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52572.exe
      4⤵
      PID:5016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14376.exe
      4⤵
      PID:5816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15389.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4467.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1812
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
        5⤵
        Program crash
        
        PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
        5⤵
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
        6⤵
        
        PID:5972
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 228
        6⤵
        Program crash
        
        PID:5840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
        5⤵
        Program crash
        
        PID:820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
      4⤵
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
      4⤵
      PID:3124
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 244
      4⤵
      Program crash
      PID:3272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61078.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1748
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 224
      4⤵
      Program crash
      PID:2660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        5⤵
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55736.exe
        6⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
        6⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
        6⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1872
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 240
        5⤵
        Program crash
        
        PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49774.exe
      4⤵
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        5⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46720.exe
        5⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52843.exe
        5⤵
        
        PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
      4⤵
      PID:3100
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 228
      4⤵
      Program crash
      PID:3248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38436.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38436.exe
    3⤵
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
      4⤵
      PID:3304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
      4⤵
      PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62621.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
      4⤵
      PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45253.exe
      4⤵
      PID:5660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
    3⤵
    PID:2988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
    3⤵
    PID:4084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
    3⤵
    PID:4168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
    3⤵
    PID:2016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
    3⤵
    PID:5344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38655.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38655.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20643.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34836.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3917.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37933.exe
        8⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 216
        8⤵
        Program crash
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
        7⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16089.exe
        7⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        7⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
        7⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
        7⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1258.exe
        6⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38869.exe
        7⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37241.exe
        6⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21954.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48321.exe
        6⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        6⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17121.exe
        6⤵
        
        PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        6⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53734.exe
        6⤵
        
        PID:3196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 220
        6⤵
        Program crash
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33441.exe
        5⤵
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        6⤵
        
        PID:3148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 236
        6⤵
        Program crash
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27455.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31785.exe
        5⤵
        
        PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44830.exe
        5⤵
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        5⤵
        
        PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56387.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44291.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47566.exe
        6⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34072.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
        7⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
        7⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52965.exe
        7⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57048.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
        6⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13240.exe
        6⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24646.exe
        6⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        6⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27388.exe
        6⤵
        
        PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27892.exe
        5⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        6⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59842.exe
        6⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
        6⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        6⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15865.exe
        5⤵
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4414.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15980.exe
        5⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11952.exe
        5⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17837.exe
        5⤵
        
        PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13464.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63710.exe
        5⤵
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        6⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
        7⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
        7⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exe
        7⤵
        
        PID:5440
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 228
        6⤵
        Program crash
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
        5⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38876.exe
        6⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
        6⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
        6⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
        5⤵
        
        PID:3540
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 248
        5⤵
        Program crash
        
        PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63253.exe
      4⤵
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55229.exe
        5⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        5⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
        5⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52589.exe
        5⤵
        
        PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
      4⤵
      PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62815.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
      4⤵
      PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
      4⤵
      PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33924.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10523.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44182.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 224
        6⤵
        Program crash
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
        5⤵
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
        6⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12558.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52254.exe
        5⤵
        
        PID:3508
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 248
        5⤵
        Program crash
        
        PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47216.exe
        5⤵
        
        PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2333.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 220
        5⤵
        Program crash
        
        PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
      4⤵
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
        5⤵
        
        PID:5268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30024.exe
      4⤵
      PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37793.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5190.exe
      4⤵
      PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2126.exe
      4⤵
      PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
      4⤵
      PID:5560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20537.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16077.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53905.exe
        5⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        6⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48921.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19005.exe
        6⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39472.exe
        6⤵
        
        PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
        5⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2949.exe
        5⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        5⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
        5⤵
        
        PID:5724
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 228
      4⤵
      Program crash
      PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6875.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13204.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39438.exe
        5⤵
        
        PID:3884
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 216
        5⤵
        Program crash
        
        PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40594.exe
      4⤵
      PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39135.exe
      4⤵
      PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29625.exe
      4⤵
      PID:5680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38675.exe
    3⤵
    PID:3044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22119.exe
    3⤵
    PID:4004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60965.exe
    3⤵
    PID:2280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52338.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56615.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56615.exe
    3⤵
    PID:6052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16188.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16188.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28619.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45500.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18412.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23721.exe
        6⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
        7⤵
        Program crash
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
        6⤵
        
        PID:3968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 248
        6⤵
        Program crash
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
        5⤵
        
        PID:2232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 224
        6⤵
        Program crash
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4127.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:916
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 216
        5⤵
        Program crash
        
        PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14498.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
        5⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
        5⤵
        
        PID:3536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 244
        5⤵
        Program crash
        
        PID:4332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23623.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        5⤵
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
        5⤵
        
        PID:3876
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 244
        5⤵
        Program crash
        
        PID:4196
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 248
      4⤵
      Program crash
      PID:936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41477.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6450.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        6⤵
        
        PID:1756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 248
        6⤵
        Program crash
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48264.exe
        5⤵
        
        PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5574.exe
        5⤵
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26529.exe
        5⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45783.exe
        5⤵
        
        PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51930.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        5⤵
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12727.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50490.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18124.exe
        5⤵
        
        PID:5432
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 248
        5⤵
        Program crash
        
        PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1732
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 244
        5⤵
        Program crash
        
        PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
      4⤵
      PID:848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8639.exe
      4⤵
      PID:3888
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 228
      4⤵
      Program crash
      PID:4300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63326.exe
      4⤵
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52940.exe
      4⤵
      PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48191.exe
      4⤵
      PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15019.exe
      4⤵
      PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52639.exe
      4⤵
      PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6714.exe
      4⤵
      PID:6024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31816.exe
    3⤵
    PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20347.exe
      4⤵
      PID:5248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
    3⤵
    PID:2872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6380.exe
    3⤵
    PID:3924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50138.exe
    3⤵
    PID:4976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
    3⤵
    PID:4936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32771.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        6⤵
        
        PID:3616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 228
        6⤵
        Program crash
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        5⤵
        
        PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
        5⤵
        
        PID:3856
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
        5⤵
        Program crash
        
        PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        5⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59763.exe
        5⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
        5⤵
        
        PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51797.exe
      4⤵
      PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34409.exe
      4⤵
      PID:3928
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 244
      4⤵
      Program crash
      PID:4184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47695.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2352
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 244
        5⤵
        Program crash
        
        PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
      4⤵
      PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5072.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2800
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 248
      4⤵
      Program crash
      PID:4264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37980.exe
      4⤵
      PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18958.exe
      4⤵
      PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12564.exe
      4⤵
      PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
      4⤵
      PID:5648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
    3⤵
    PID:3132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37435.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37435.exe
    3⤵
    PID:3212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
    3⤵
    PID:4944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
    3⤵
    PID:1384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9514.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9514.exe
    3⤵
    PID:5484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2108
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
    3⤵
    - Program crash
    PID:2112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17725.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17725.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
    3⤵
    PID:2756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54331.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35143.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65227.exe
    3⤵
    PID:4824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
    3⤵
    PID:6056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36885.exe
    3⤵
    PID:2252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
  2⤵
  PID:2472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20259.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20259.exe
  2⤵
  PID:3080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
  2⤵
  PID:3588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4716
- C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
  2⤵
  PID:5808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42718.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42718.exe
  2⤵
  PID:6100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18789.exe

Filesize
468KB

MD5
c4402ff4648ad6e5a8a06c50da6a7e27

SHA1
f0d73cd31ffe1d68081dabbea884b962fe97e808

SHA256
51b1f2a2ff0218113282c4062aa86783e084c443d4671ad17627a59aba147d09

SHA512
ff76b56edbdb5a2eaaa763af96d6b412a099bf1bd41603f10e2790fdd885d748ba2425b22bc882f408ac66bbf2f7eafdd7f2c1a1dbef9141cace4e917a1be9bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe

Filesize
468KB

MD5
d80d0893133240c806ffde17bbf07d72

SHA1
04f901bd93003a1abce181089170ecf72772cd83

SHA256
99a94960a45bf76891c514089e70bdb89ab87211506427f55362b5a581c66208

SHA512
887d146c8054e2bf1d862b9c7c51d3acd67ae828aea53adf64a0e1ecaddd8d95d954b3958fcbe94ef6f88d4fa8759f530477bc8d8737198e3a7fbfd09a083f59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe

Filesize
468KB

MD5
70ea9f4a0a86f568530c12b5d1503ee9

SHA1
18155be878095e857a157585d50aa0b10d03f036

SHA256
4f4e5057aa1bcaae21621c6c8408ed7031220dffb09cf2c4b165bebbcdb0ba5e

SHA512
3827223d0f048c0f2f264e9f6b37e925f69a7c261dba0acaa40a1b968457b976d49ea0c310b30fb8116d9754700fe39dcbfe7beccb5ad5799ae7495b1e0dc965

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe

Filesize
468KB

MD5
d680a48f9663b64fa779c21193103329

SHA1
60baaa0aaf7401ac16673638c904c7cf09582db1

SHA256
3395cdd161f587ced1761d954a9bfd6202ef91e06db58c97b9ee7f1eca3ae60c

SHA512
a389339f72a76fdcfd3f285356255d320d53a9bddc0260d7071e327eaf29032d4573db0b44d22dfb7cc33e8b77ff53c03a92f7f385bff352c58bfc8d6fff8194

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe

Filesize
468KB

MD5
615e6468c79d04bae9986bb21b1a0f2b

SHA1
10da6ec3ae0dcbc96ffee778180ab536577ca8ad

SHA256
a1bb4db52cb5ec389d75660a467faf86690ac6a4855a53fb5e203b5b84c59bcc

SHA512
c09375eaa782b4c8824e805444b6aab722e2ed6b4e4ef374bb0450cf79a56d22a87b2a82357cb7e679da29ae7097fa4404d5a55d10b1519ecb178595f6f647c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe

Filesize
468KB

MD5
5321f2b42a0f65daaaf7d63ab065aed9

SHA1
8472391effed2b3a508d03972232786f4f811ba7

SHA256
6cf2e23aacb6eb3ad83749daac7d6f5ea3160ddee4b5dda256245040e58a1f45

SHA512
6c982260f6664e7d83705d7e2cc64911ab2bc7d70fb76ec35290ca3f3c4e65b2e48cfe9bb476df830a88b693c489a893eb70b07c9cc389a489b9af45af3e9c90

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe

Filesize
468KB

MD5
062778991997348971c150ed545e03ee

SHA1
6266c69b06f03a6ccc2782c55851ccd56818510d

SHA256
48961725f53c4c8ee8f9bfe112ba5b5a7475d4a4f1d72182616ef87d5c538a89

SHA512
99e32642fd5d1a7e47d90fd78fe9cbd71c9add990135a63600e38964f84f931498488a2aa76d0e9cc4a1ed785be8cce936ff21d7b30af424b0bc5bd382d98614

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15389.exe

Filesize
468KB

MD5
f5e7dfdea95c98927e33d6be5ee76353

SHA1
1f9c82cc3fbb8b3b277e9ed6532f8250b04dfb69

SHA256
785a69d6778ec39dd8e82adf5d8710bd7969e880f10ff2adf540011bb5edb44d

SHA512
6dd30f70e92707b8def093b207f9d71e94bc736af5612994f2e7d480c455264fca75eae5f48084705b14622d7f075eb9e10b286518331d77066f72818da2b5f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16188.exe

Filesize
468KB

MD5
fc0b7821cfcacc2fadc779946b4024d9

SHA1
e5aa0cc349701921e905b6eb4b6826a3ceff18e7

SHA256
e0bde66ce690581bb54a858a5c593ddda85f445d453cf8d8afbe93ab2fe66554

SHA512
9543b1222174a49ad1579e4e59aee16d401a691e8ada86b2f262881c7db299eb7a83a44a6140d770c391a85b6aa5bb99e111c6aa459ab07c92d532d277138fd0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20643.exe

Filesize
468KB

MD5
5b46f5162a756f763c91ec579e28c2cf

SHA1
80a305f975a67a512167417498d9f0eb351eefa6

SHA256
bc33973cad49dd61ea1a461409066a11983850a5849105bb6b96f385977c7452

SHA512
aceee282031b43b1405a7d73523ca356f1e28cc82aa4df71d83f482a2cd4f5f4b95f66b75733fc3b75c2ea2b6b9a79ec97981b638ce16d75cd167975cb5c5cbb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23528.exe

Filesize
468KB

MD5
76eea0dfafdb07ced2b68bc6aa64a750

SHA1
49e3df10cb9b5c994c7bd2c7b616902304acd5dd

SHA256
79f4c7f8c0ab7b86377b9f5f0e80295e9169233236b12632b7c18fe757545cbf

SHA512
2702b014b3ac430d2089c909c65f4288c5351b319bd8b198bedb980bb73b6894c9587403b44946bbf13ae81880db131c0cb1d5d48ac07ccd970dd311247290ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28619.exe

Filesize
468KB

MD5
66dc5aab37f1f41070cabf52eac6e0c9

SHA1
3430e31479be13f2c576cc5273d11882863faa86

SHA256
83d4142f6244f9013b599c08370803d5223f77082820e6cf06582f4290103550

SHA512
9965c70a21efd37630385675f81928b6391ba097790e2c747d682a4a05d35962dfe17ce38336188b647201ccf0f73510f9b9d88ff1c32c01ce379a3fe2443136

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33608.exe

Filesize
468KB

MD5
f69dc78dc90ede0cdf211b9392386ad6

SHA1
302ed4b836df775fda88f5b41ec4656096684f43

SHA256
61cef97f335b4851372ea8b9e16e44db4b0bb6f4561b13eea4cd40ac2064a5b2

SHA512
a092605c998bc6d073ecf392da4f2c2f0c371fd9fd8ff5a1f548f4f1cede9ee6a3d2aa512d7ae183ca5272664bdc89273d15caf5ad7fd2ba67de0b88878d31e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34326.exe

Filesize
468KB

MD5
6a3a6569dcf95844563274725994abf9

SHA1
4b56258ae2c395ce5349ba182dfed0223659787a

SHA256
c3df5ce4a3eefa1457a476c2c3f26169dccc240148cb0d9ba8056b0096594845

SHA512
7e59f979bc5543ac5237f4f00797c5f24ecd3b88823c801ec91e45e08fc05b1e3504c2f1b7dd4d6cada5b4f1fa54047ccbecf7cf4dd86c24295837aa5e899e3c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38655.exe

Filesize
468KB

MD5
96a8502e9630633927d94a9d6ab9f857

SHA1
2aa7fa68257e69abc7bb2ccc65a8d1b299654d16

SHA256
c28e2424eb4a87ff3668342558add664c5311080fef7e46757510157ff665140

SHA512
f645b1eac940cd87a8032af9d4418be8e8084056ad44daaea4d3da4734b138a4e29131acc5b5e8da813ed183ce91e2736d6298fd2cf52f61a2551972ea165490

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe

Filesize
468KB

MD5
db3777304b583a002e61c53d85853640

SHA1
a1cd9a2a357a47ce705f21460c07b2caad1eb0ef

SHA256
06850cd2d35ff7204e811f28d5eccc38e3298e6f63793934600553c71606c34e

SHA512
624c7fed8208df92d39e3c1e21a8badf95301d0bef4050ebb2cb0aff19e113ca73438971e176140d99d89b39a0e00c2d33acc24bcea60fe6be77b293538d96af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe

Filesize
468KB

MD5
d2b6a6efc2304cae64dcd55e546f1ae2

SHA1
66686dc6aaafdec5702e35dfd0a50b26fb7b1d61

SHA256
fcad0b065a80fbb94a47ee947c38e723f521183110378a019fa961112d3b8774

SHA512
7942eb4f4c6ea0a2dc77a895c5eeafc115c4d485faf7bb9672ab0678ff86e3931feea19b251ad94cd64c725e291e7c6d93fee2b7e578e944d258122f2dd7242e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe

Filesize
468KB

MD5
a9fe95bc8d8e48a6ba4f712fb285fb9a

SHA1
1614d3695f57114c7fddba1dbd5a229b1bdd2022

SHA256
a5688af18a0bc60fc03424ba630752cd64e929e8a922df613a2f7cd3386dcd6a

SHA512
05abce00c63d7bea6cdb9ce7cba25d88f8e2545dcda136b016cd67609790573eeaa5409b30cf58f676f8fc791b45dd8d0fd89100649a707faccd4f6dda38fd4d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe

Filesize
468KB

MD5
66930c97f845858731c48e5af5121cb6

SHA1
1585924871462d3ac7bac2964dd5291bf8c3c5c8

SHA256
e739a695cdbd79e1ce923158524d68f64a96de7a009887bd98d06e0669487808

SHA512
39bdb8c0feb90cc7133afb665a02533cdaaad9cc96802464e1d34cd13e4fbed5118beba5efbee031603f74767f1c8eef581ba62a5b041985d775869ca4adb3e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe

Filesize
468KB

MD5
659f52fa5927ec432d390fd620e4e5e5

SHA1
9b81e10303c397fc670bda1cd497609306651491

SHA256
d50bd14d1440ddfa298c98575d196995265b9528e9a4bce639f3c0db48e76006

SHA512
d2e552b528baa2a7c9b5669be012da9c42788aed9c36362e229f362d6fd50543b1b1eed258261185f711ed8a051daf273c02709fd28b8fd149325ddaa3c061d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-777.exe

Filesize
468KB

MD5
6300843f87bf66b5c82aad07129aee85

SHA1
caf1b00c8322934a06e379f3b769d4d85f8bb9b0

SHA256
fb427aef9c8da05977937f492cd6bdc437b8eac346a29b83727ad94d085133dd

SHA512
fd5bb6df5f9b04887e89e6c27f763c5e68fd293eb5ffe07b3de3efc3582fef9664feee777489461158dc770fc7132e2cc82ed48d57915a2298020166c8d96991

Download Submit