8a2ca8e29a802566c1b48652f9f63fef8357beb8384c1f9c4402aad2c97899e7

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 10:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a2ca8e29a802566c1b48652f9f63fef8357beb8384c1f9c4402aad2c97899e7.exe
Size

192KB
MD5

2db2cfa5d12a7760aad914edc5224813
SHA1

a2f197857993ec73080a6084af529627fcc4efd4
SHA256

8a2ca8e29a802566c1b48652f9f63fef8357beb8384c1f9c4402aad2c97899e7
SHA512

57a62a2e71955a8252af71cc35e782275e361508a5e92356752ad738a8d8cac032a2a665b2cfd74f4b7443352a53cbab0828ae436fd125e2e00415705f501cb9
SSDEEP

3072:BkPvoAJLiHAUkvj0BdLk288K6DLjrxvrTbhFx7mxxC2lVvMXJ:BkHotgjv+do288nnBl2lVvM5

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2596	Unicorn-63238.exe
1984	Unicorn-42948.exe
2040	Unicorn-63923.exe
1804	Unicorn-45937.exe
2812	Unicorn-25517.exe
1132	Unicorn-5501.exe
1784	Unicorn-46342.exe
1460	Unicorn-38728.exe
2028	Unicorn-17728.exe
580	Unicorn-42978.exe
1304	Unicorn-29980.exe
1960	Unicorn-24993.exe
2436	Unicorn-53581.exe
1876	Unicorn-62304.exe
900	Unicorn-54889.exe
820	Unicorn-43191.exe
1600	Unicorn-37375.exe
2400	Unicorn-8272.exe
2532	Unicorn-29761.exe
1764	Unicorn-32222.exe
2056	Unicorn-38719.exe
576	Unicorn-29482.exe
2760	Unicorn-10493.exe
2172	Unicorn-58947.exe
2660	Unicorn-50068.exe
1236	Unicorn-9782.exe
1456	Unicorn-33732.exe
2160	Unicorn-17204.exe
2932	Unicorn-49684.exe
2816	Unicorn-53768.exe
2512	Unicorn-5314.exe
2864	Unicorn-54323.exe
2564	Unicorn-20904.exe
2784	Unicorn-50239.exe
264	Unicorn-42860.exe
1720	Unicorn-31162.exe
1660	Unicorn-4204.exe
452	Unicorn-29263.exe
1548	Unicorn-8096.exe
564	Unicorn-29071.exe
2268	Unicorn-57105.exe
2800	Unicorn-12735.exe
2412	Unicorn-7904.exe
1260	Unicorn-30415.exe
2408	Unicorn-62533.exe
836	Unicorn-14079.exe
2500	Unicorn-5164.exe
1812	Unicorn-37837.exe
1080	Unicorn-18102.exe
2300	Unicorn-1573.exe
2552	Unicorn-5657.exe
544	Unicorn-39076.exe
2808	Unicorn-43160.exe
1760	Unicorn-40058.exe
2320	Unicorn-57463.exe
2104	Unicorn-28360.exe
2936	Unicorn-57271.exe
2960	Unicorn-12901.exe
2896	Unicorn-45019.exe
2828	Unicorn-13690.exe
2248	Unicorn-42833.exe
1872	Unicorn-5330.exe
1316	Unicorn-9414.exe
2452	Unicorn-58423.exe

Loads dropped DLL 64 IoCs

pid	Process
1736	8a2ca8e29a802566c1b48652f9f63fef8357beb8384c1f9c4402aad2c97899e7.exe
1736	8a2ca8e29a802566c1b48652f9f63fef8357beb8384c1f9c4402aad2c97899e7.exe
2596	Unicorn-63238.exe
2596	Unicorn-63238.exe
1736	8a2ca8e29a802566c1b48652f9f63fef8357beb8384c1f9c4402aad2c97899e7.exe
1736	8a2ca8e29a802566c1b48652f9f63fef8357beb8384c1f9c4402aad2c97899e7.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
1984	Unicorn-42948.exe
2040	Unicorn-63923.exe
1984	Unicorn-42948.exe
2040	Unicorn-63923.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe
1804	Unicorn-45937.exe
1804	Unicorn-45937.exe
2812	Unicorn-25517.exe
2812	Unicorn-25517.exe
2040	Unicorn-63923.exe
2040	Unicorn-63923.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1784	Unicorn-46342.exe
2812	Unicorn-25517.exe
1784	Unicorn-46342.exe
2812	Unicorn-25517.exe
1460	Unicorn-38728.exe
1460	Unicorn-38728.exe
1760	WerFault.exe
1760	WerFault.exe
1760	WerFault.exe
1760	WerFault.exe
1760	WerFault.exe
1760	WerFault.exe
1760	WerFault.exe
580	Unicorn-42978.exe
580	Unicorn-42978.exe
2028	Unicorn-17728.exe
2028	Unicorn-17728.exe
1784	Unicorn-46342.exe
1784	Unicorn-46342.exe
1304	Unicorn-29980.exe
1304	Unicorn-29980.exe

Program crash 33 IoCs

pid	pid_target	Process	procid_target
2312	2596	WerFault.exe	30
2272	1984	WerFault.exe	31
1500	1804	WerFault.exe	34
1760	1132	WerFault.exe	37
984	2172	WerFault.exe	57
2352	2160	WerFault.exe	61
2440	2564	WerFault.exe	66
2964	764	WerFault.exe	107
1400	1564	WerFault.exe	136
1500	1748	WerFault.exe	138
2196	2776	WerFault.exe	170
2332	2876	WerFault.exe	143
944	2000	WerFault.exe	134
864	2220	WerFault.exe	173
2348	1952	WerFault.exe	175
2820	2532	WerFault.exe	186
2072	1744	WerFault.exe	209
1808	2824	WerFault.exe	174
2816	1312	WerFault.exe	216
2848	2008	WerFault.exe	246
1164	3048	WerFault.exe	265
1052	2320	WerFault.exe	235
2104	1548	WerFault.exe	253
2984	1208	WerFault.exe	240
2328	2528	WerFault.exe	268
1812	1760	WerFault.exe	333
2208	2908	WerFault.exe	273
2500	1456	WerFault.exe	270
3468	1152	WerFault.exe	298
3832	1868	WerFault.exe	320
3672	3640	WerFault.exe	372
2268	2476	WerFault.exe	340
556	3400	WerFault.exe	367

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39756.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60892.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33394.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50632.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28360.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1736	8a2ca8e29a802566c1b48652f9f63fef8357beb8384c1f9c4402aad2c97899e7.exe
2596	Unicorn-63238.exe
1984	Unicorn-42948.exe
2040	Unicorn-63923.exe
1804	Unicorn-45937.exe
2812	Unicorn-25517.exe
1132	Unicorn-5501.exe
1784	Unicorn-46342.exe
1460	Unicorn-38728.exe
580	Unicorn-42978.exe
2028	Unicorn-17728.exe
1304	Unicorn-29980.exe
1960	Unicorn-24993.exe
2436	Unicorn-53581.exe
1876	Unicorn-62304.exe
900	Unicorn-54889.exe
820	Unicorn-43191.exe
2400	Unicorn-8272.exe
2532	Unicorn-29761.exe
1600	Unicorn-37375.exe
1764	Unicorn-32222.exe
576	Unicorn-29482.exe
2056	Unicorn-38719.exe
2760	Unicorn-10493.exe
2172	Unicorn-58947.exe
2660	Unicorn-50068.exe
1236	Unicorn-9782.exe
2160	Unicorn-17204.exe
1456	Unicorn-33732.exe
2816	Unicorn-53768.exe
2932	Unicorn-49684.exe
2512	Unicorn-5314.exe
2864	Unicorn-54323.exe
2564	Unicorn-20904.exe
2784	Unicorn-50239.exe
1720	Unicorn-31162.exe
264	Unicorn-42860.exe
1660	Unicorn-4204.exe
452	Unicorn-29263.exe
1548	Unicorn-8096.exe
564	Unicorn-29071.exe
2268	Unicorn-57105.exe
2800	Unicorn-12735.exe
1260	Unicorn-30415.exe
2412	Unicorn-7904.exe
2408	Unicorn-62533.exe
836	Unicorn-14079.exe
2500	Unicorn-5164.exe
1812	Unicorn-37837.exe
1080	Unicorn-18102.exe
2300	Unicorn-1573.exe
2552	Unicorn-5657.exe
544	Unicorn-39076.exe
2808	Unicorn-43160.exe
2320	Unicorn-57463.exe
2104	Unicorn-28360.exe
1760	Unicorn-40058.exe
2936	Unicorn-57271.exe
2960	Unicorn-12901.exe
2896	Unicorn-45019.exe
2828	Unicorn-13690.exe
2248	Unicorn-42833.exe
1872	Unicorn-5330.exe
1316	Unicorn-9414.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2596	1736	8a2ca8e29a802566c1b48652f9f63fef8357beb8384c1f9c4402aad2c97899e7.exe	30
PID 1736 wrote to memory of 2596	1736	8a2ca8e29a802566c1b48652f9f63fef8357beb8384c1f9c4402aad2c97899e7.exe	30
PID 1736 wrote to memory of 2596	1736	8a2ca8e29a802566c1b48652f9f63fef8357beb8384c1f9c4402aad2c97899e7.exe	30
PID 1736 wrote to memory of 2596	1736	8a2ca8e29a802566c1b48652f9f63fef8357beb8384c1f9c4402aad2c97899e7.exe	30
PID 2596 wrote to memory of 1984	2596	Unicorn-63238.exe	31
PID 2596 wrote to memory of 1984	2596	Unicorn-63238.exe	31
PID 2596 wrote to memory of 1984	2596	Unicorn-63238.exe	31
PID 2596 wrote to memory of 1984	2596	Unicorn-63238.exe	31
PID 1736 wrote to memory of 2040	1736	8a2ca8e29a802566c1b48652f9f63fef8357beb8384c1f9c4402aad2c97899e7.exe	32
PID 1736 wrote to memory of 2040	1736	8a2ca8e29a802566c1b48652f9f63fef8357beb8384c1f9c4402aad2c97899e7.exe	32
PID 1736 wrote to memory of 2040	1736	8a2ca8e29a802566c1b48652f9f63fef8357beb8384c1f9c4402aad2c97899e7.exe	32
PID 1736 wrote to memory of 2040	1736	8a2ca8e29a802566c1b48652f9f63fef8357beb8384c1f9c4402aad2c97899e7.exe	32
PID 2596 wrote to memory of 2312	2596	Unicorn-63238.exe	33
PID 2596 wrote to memory of 2312	2596	Unicorn-63238.exe	33
PID 2596 wrote to memory of 2312	2596	Unicorn-63238.exe	33
PID 2596 wrote to memory of 2312	2596	Unicorn-63238.exe	33
PID 1984 wrote to memory of 1804	1984	Unicorn-42948.exe	34
PID 1984 wrote to memory of 1804	1984	Unicorn-42948.exe	34
PID 1984 wrote to memory of 1804	1984	Unicorn-42948.exe	34
PID 1984 wrote to memory of 1804	1984	Unicorn-42948.exe	34
PID 2040 wrote to memory of 2812	2040	Unicorn-63923.exe	35
PID 2040 wrote to memory of 2812	2040	Unicorn-63923.exe	35
PID 2040 wrote to memory of 2812	2040	Unicorn-63923.exe	35
PID 2040 wrote to memory of 2812	2040	Unicorn-63923.exe	35
PID 1984 wrote to memory of 2272	1984	Unicorn-42948.exe	36
PID 1984 wrote to memory of 2272	1984	Unicorn-42948.exe	36
PID 1984 wrote to memory of 2272	1984	Unicorn-42948.exe	36
PID 1984 wrote to memory of 2272	1984	Unicorn-42948.exe	36
PID 1804 wrote to memory of 1132	1804	Unicorn-45937.exe	37
PID 1804 wrote to memory of 1132	1804	Unicorn-45937.exe	37
PID 1804 wrote to memory of 1132	1804	Unicorn-45937.exe	37
PID 1804 wrote to memory of 1132	1804	Unicorn-45937.exe	37
PID 2812 wrote to memory of 1784	2812	Unicorn-25517.exe	38
PID 2812 wrote to memory of 1784	2812	Unicorn-25517.exe	38
PID 2812 wrote to memory of 1784	2812	Unicorn-25517.exe	38
PID 2812 wrote to memory of 1784	2812	Unicorn-25517.exe	38
PID 2040 wrote to memory of 1460	2040	Unicorn-63923.exe	39
PID 2040 wrote to memory of 1460	2040	Unicorn-63923.exe	39
PID 2040 wrote to memory of 1460	2040	Unicorn-63923.exe	39
PID 2040 wrote to memory of 1460	2040	Unicorn-63923.exe	39
PID 1804 wrote to memory of 1500	1804	Unicorn-45937.exe	40
PID 1804 wrote to memory of 1500	1804	Unicorn-45937.exe	40
PID 1804 wrote to memory of 1500	1804	Unicorn-45937.exe	40
PID 1804 wrote to memory of 1500	1804	Unicorn-45937.exe	40
PID 1784 wrote to memory of 2028	1784	Unicorn-46342.exe	41
PID 1784 wrote to memory of 2028	1784	Unicorn-46342.exe	41
PID 1784 wrote to memory of 2028	1784	Unicorn-46342.exe	41
PID 1784 wrote to memory of 2028	1784	Unicorn-46342.exe	41
PID 2812 wrote to memory of 580	2812	Unicorn-25517.exe	42
PID 2812 wrote to memory of 580	2812	Unicorn-25517.exe	42
PID 2812 wrote to memory of 580	2812	Unicorn-25517.exe	42
PID 2812 wrote to memory of 580	2812	Unicorn-25517.exe	42
PID 1132 wrote to memory of 1760	1132	Unicorn-5501.exe	43
PID 1132 wrote to memory of 1760	1132	Unicorn-5501.exe	43
PID 1132 wrote to memory of 1760	1132	Unicorn-5501.exe	43
PID 1132 wrote to memory of 1760	1132	Unicorn-5501.exe	43
PID 1460 wrote to memory of 1304	1460	Unicorn-38728.exe	44
PID 1460 wrote to memory of 1304	1460	Unicorn-38728.exe	44
PID 1460 wrote to memory of 1304	1460	Unicorn-38728.exe	44
PID 1460 wrote to memory of 1304	1460	Unicorn-38728.exe	44
PID 580 wrote to memory of 1960	580	Unicorn-42978.exe	45
PID 580 wrote to memory of 1960	580	Unicorn-42978.exe	45
PID 580 wrote to memory of 1960	580	Unicorn-42978.exe	45
PID 580 wrote to memory of 1960	580	Unicorn-42978.exe	45

C:\Users\Admin\AppData\Local\Temp\8a2ca8e29a802566c1b48652f9f63fef8357beb8384c1f9c4402aad2c97899e7.exe
"C:\Users\Admin\AppData\Local\Temp\8a2ca8e29a802566c1b48652f9f63fef8357beb8384c1f9c4402aad2c97899e7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63238.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63238.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5501.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 244
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:1760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1500
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2272
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63923.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63923.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25517.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46342.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17728.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53581.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40058.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
        11⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51402.exe
        12⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60852.exe
        13⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9931.exe
        14⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37114.exe
        15⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16492.exe
        16⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40861.exe
        17⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14483.exe
        18⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
        16⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17058.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
        10⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        11⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 244
        12⤵
        Program crash
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
        11⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        12⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
        13⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        14⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        15⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25231.exe
        16⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
        17⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
        16⤵
        Program crash
        
        PID:2268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 216
        15⤵
        Program crash
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
        12⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
        13⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
        14⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47545.exe
        15⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        10⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48605.exe
        11⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
        12⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
        13⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        14⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        15⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28931.exe
        16⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        17⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12646.exe
        16⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
        11⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
        12⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3481.exe
        13⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33731.exe
        14⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
        15⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20104.exe
        16⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23888.exe
        10⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52689.exe
        11⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
        12⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
        13⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54716.exe
        14⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27960.exe
        15⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2376.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
        17⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4043.exe
        10⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46026.exe
        11⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        12⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 224
        13⤵
        Program crash
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12190.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25933.exe
        10⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 220
        11⤵
        Program crash
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9782.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57105.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33172.exe
        10⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34677.exe
        11⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22376.exe
        12⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11078.exe
        13⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36367.exe
        14⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8515.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49154.exe
        16⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17390.exe
        9⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27555.exe
        11⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18142.exe
        14⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60176.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
        13⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
        14⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16705.exe
        15⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42833.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8667.exe
        9⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50437.exe
        10⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        11⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
        12⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34675.exe
        13⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45443.exe
        14⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25672.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
        16⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33732.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8096.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57271.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
        10⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60084.exe
        11⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 220
        12⤵
        Program crash
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58615.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63649.exe
        10⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52251.exe
        11⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1623.exe
        12⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45656.exe
        14⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33394.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46671.exe
        16⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12901.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21112.exe
        9⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47121.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        11⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 220
        12⤵
        Program crash
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45616.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5320.exe
        10⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31888.exe
        11⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28178.exe
        12⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
        13⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12267.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46396.exe
        15⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29834.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
        9⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
        10⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16829.exe
        11⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28915.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29315.exe
        13⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49328.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62304.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 220
        8⤵
        Program crash
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31885.exe
        9⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11516.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16071.exe
        11⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 244
        12⤵
        Program crash
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
        8⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        9⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        10⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51151.exe
        11⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6792.exe
        12⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
        13⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
        14⤵
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50239.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18102.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
        8⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1760.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3348.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
        11⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51722.exe
        12⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
        13⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16482.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32439.exe
        8⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46885.exe
        9⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62516.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        13⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
        14⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
        7⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
        8⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61576.exe
        9⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        10⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
        11⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49740.exe
        12⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42330.exe
        13⤵
        
        PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24993.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53768.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9414.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38216.exe
        10⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36732.exe
        11⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
        12⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5484.exe
        13⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exe
        14⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59003.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
        16⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
        16⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        17⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 376
        16⤵
        Program crash
        
        PID:556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 368
        15⤵
        Program crash
        
        PID:3832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 376
        12⤵
        Program crash
        
        PID:1808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 376
        11⤵
        Program crash
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42854.exe
        9⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        10⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49122.exe
        11⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60850.exe
        12⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8707.exe
        13⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
        15⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 376
        12⤵
        Program crash
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14053.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54552.exe
        9⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
        10⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        11⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54161.exe
        12⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45469.exe
        13⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26544.exe
        15⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14079.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9222.exe
        8⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        9⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
        10⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33502.exe
        11⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21302.exe
        12⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59392.exe
        13⤵
        
        PID:1760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 244
        14⤵
        Program crash
        
        PID:1812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
        13⤵
        Program crash
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63083.exe
        8⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 244
        9⤵
        Program crash
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37837.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
        8⤵
        
        PID:764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 244
        9⤵
        Program crash
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47432.exe
        8⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33507.exe
        9⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62832.exe
        10⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        11⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46974.exe
        13⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
        14⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13861.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30458.exe
        9⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
        10⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36159.exe
        11⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
        12⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51774.exe
        13⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19149.exe
        14⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        12⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6512.exe
        13⤵
        
        PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29761.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 220
        7⤵
        Program crash
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12735.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38003.exe
        7⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
        8⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
        9⤵
        Program crash
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9798.exe
        7⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48600.exe
        8⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42028.exe
        9⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
        10⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
        11⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        12⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64265.exe
        13⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58923.exe
        14⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45505.exe
        11⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6896.exe
        12⤵
        
        PID:3520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54889.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        10⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37998.exe
        11⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        12⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2388.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11088.exe
        14⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        15⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46372.exe
        16⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26689.exe
        17⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5002.exe
        18⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27312.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31531.exe
        12⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
        13⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44322.exe
        14⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
        15⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60892.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44935.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20182.exe
        11⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        12⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62640.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 200
        14⤵
        Program crash
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42582.exe
        12⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43751.exe
        13⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37493.exe
        14⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17810.exe
        15⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        16⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55849.exe
        10⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52876.exe
        11⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 224
        12⤵
        Program crash
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
        9⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        10⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37446.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
        12⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
        13⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6839.exe
        14⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59984.exe
        15⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46375.exe
        15⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38557.exe
        8⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
        9⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 200
        10⤵
        Program crash
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30415.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
        8⤵
        Executes dropped EXE
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45232.exe
        9⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        10⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 224
        11⤵
        Program crash
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
        9⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65128.exe
        10⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23855.exe
        11⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
        12⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        13⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49034.exe
        14⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59797.exe
        15⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50466.exe
        13⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49595.exe
        15⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8314.exe
        9⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        10⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45801.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
        12⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
        13⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45436.exe
        14⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5314.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5164.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54147.exe
        8⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        9⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19493.exe
        10⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
        11⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        12⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6481.exe
        14⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61964.exe
        15⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50639.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61210.exe
        9⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
        11⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        12⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        13⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53430.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        7⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6228.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43229.exe
        9⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26460.exe
        10⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61810.exe
        11⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
        12⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21718.exe
        13⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1554.exe
        14⤵
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10493.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42860.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10374.exe
        8⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52305.exe
        9⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1960.exe
        10⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2339.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33336.exe
        12⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20586.exe
        13⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26907.exe
        14⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43793.exe
        15⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 236
        15⤵
        Program crash
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48432.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7935.exe
        8⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17337.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
        10⤵
        Program crash
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        7⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
        8⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
        9⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50217.exe
        10⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 224
        11⤵
        Program crash
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51215.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15356.exe
        8⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56441.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        10⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11270.exe
        11⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27960.exe
        12⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1665.exe
        13⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44692.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
        8⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6086.exe
        10⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
        11⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
        12⤵
        
        PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58947.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 224
        6⤵
        Program crash
        
        PID:984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31162.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2206.exe
        7⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18097.exe
        8⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1000.exe
        9⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36678.exe
        10⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17405.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36533.exe
        12⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22994.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40301.exe
        14⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        12⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10928.exe
        13⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        14⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
        7⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
        8⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17031.exe
        9⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47451.exe
        10⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
        11⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        12⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        13⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56046.exe
        6⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9653.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4721.exe
        9⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36107.exe
        10⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10497.exe
        11⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
        12⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4483.exe
        13⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50480.exe
        14⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24409.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 220
        10⤵
        Program crash
        
        PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1554.exe

Filesize
192KB

MD5
a553c88ec593c1a2890e352211b9f471

SHA1
43a013dde63f55835bd4f4de3e7aab17ec61ea98

SHA256
cd143691a6e6bb76904ab9e689bdb901e22ebacef813a4c01b53290dd77305d9

SHA512
5ad21c4cd7050ade4dfd9717d2cb83f5cf1af9e710e2d72c5903eaa3d3acca279b24723e86a5a4c61b026612f91fe366cb84269d05333e026198f56e99715f32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe

Filesize
192KB

MD5
a4647189d0661923814df8c9f802b480

SHA1
b3fab9a7f13466d71ad09e04965373e52b8d4791

SHA256
5a5fde16e132ebdd800a637f981f51e1305ddd693c53b813c085b0aef29ff37c

SHA512
e6dab3bb80be108d9943fa1b3618df8f2e3907c17034c45ca02aea4ab1fffd870ec0d8dabf432b9106cee709c28f021ca7cbef5260540590fed6c6b29457f08e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe

Filesize
192KB

MD5
7cb1b23686ab80c41b25b8e031642eef

SHA1
03ea06476b04627a9734308278c020f3cca241f9

SHA256
b5660deaee5cfac6c1bb0ef20c13e7a9cab2d3ce146b000213ddcdbf8e1f0f93

SHA512
813194934b8cfde62bd29f2092d5d351ed7fa7a276b479e7b44705590484911aab96402d556aac4d21ce27a5f339e61ac19f215a3a2620d1ace8d686b34f1c6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe

Filesize
192KB

MD5
d9754151db49646ce8443e16db649a69

SHA1
2d3f953d10c6378d129992ba0062a0baac400265

SHA256
0ff8d4c46bb0cd8ca23d3f90d9cc368bcc75ec72b712bb02e0aeabfd6934e94c

SHA512
7baccc9df02a090d887bb38635851eae8dd55e1cadd1483f7b1dba24673d59ac4418b5f74d5efd363c5feac313fea0b2449d2f38dbf7dc39db5b1a93513638eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6086.exe

Filesize
192KB

MD5
c4fc75c689ca1172a410ddbced3e5996

SHA1
9b99b5dad336c862b2d3100474f10734d2ddcd14

SHA256
6bff5e29a0c9de038a6de38b3e33bbfc666f3308c99f5503e6671834408027c7

SHA512
a0db6862d9426d2f61ead2d90006313e2855dc74d01fbc90540ff5610dbadcd7404fae477bad2eba88f0382fca4e47d73224b6b4266b859c70c6fb797a8bcaeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6228.exe

Filesize
192KB

MD5
e91d06cd9c914fe46db6ee08d1baf4fa

SHA1
72373cc3050106396f711b784440927aa01cda58

SHA256
1a8e11e42507497f5a1afc8f84929b2ecb0bebb92733d713c6d6a1312ab3c50c

SHA512
17241d03cec8fcabee3c4381595ae5ac9f53cc784049ee512493ca8c7096c864969e51adba0d3567751139d6445ef2384459585b445ffe7858183707640d6193

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62832.exe

Filesize
192KB

MD5
4024dfbd345aa5984323403ad4160039

SHA1
f55535463eacaf8ae4fced44be18961b201acf24

SHA256
bfc22722c376c7500ee197ce63ff556e32dd77ed1c7d54feaa26fd5cd1db8b5b

SHA512
e88447f5d10e6982a71c8c47043b37e3c4153a9f70a6cead6f34dedb3e3091ed327b899a4c472a576b1a6b2b999d6f81a36e9327857835595e3d181da9e61572

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe

Filesize
192KB

MD5
521f2a704de75a66182507fb57086f03

SHA1
f465952a0c7d5cac8e096814882dd5a4ee33b731

SHA256
7cbe1fa56d16314139b2f481336ca46486fac652332bad0fb0f0a6d1c4fdffc7

SHA512
debfaf7ead418e2c9e530247b010f7dbcb1f1f5e355bd1d75e1af96238c7845e55684a08176581a238b1ad38d57f1b8b4cdf12f274856a854313d2b374008c5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe

Filesize
192KB

MD5
64093834ddf233452853123a8bd13671

SHA1
32662f4dcc7fbb28df4563c9f693eab8c82e5d31

SHA256
06bb5ebbee1b0465f75de9f6ff49509ce9bc20fbf6b7e4e49b83bafe21b5e300

SHA512
40b834746a14335b37263d49a25cf9da733822f11daa9cc07ff96e65c4ed2723b190eebf87ad271bec42f0e70256ab679434cb7028247831914acb5eadec2fd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6792.exe

Filesize
192KB

MD5
187f75954afd9ed09c4655fc320df1a2

SHA1
2d20194279c67aad2c7ee24c4028f0970f9b92ff

SHA256
eb3f8ffbf8cd50537c9fefecd3b2c4502dbc30884926ddbfd340c9a61ead9812

SHA512
7a865c971eef06dfede720babceede0a8b77840c3a2e1fc2c2c657698c6ac874b9d65c8ba1a12d084e60bc840790ad6f8ef012926c67dd6ebd7f32784728c849

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17728.exe

Filesize
192KB

MD5
44b2930bf0420efa43117466efee2faa

SHA1
b3b8cf57d1774c43a95f2bc5ce6373e3d00842ec

SHA256
1b33c34d81d602b929116929aa97b1573da84911f8b260ef10461d3851bf3970

SHA512
7cdc79eb49e1c7c6467cd4dcdaa30dc1a26ae5a4c6236670fc2afd40fbaf39be708c4dddf3db4de1b1518258c63038c93774b4a85400a47d36c86ee39e547ad3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25517.exe

Filesize
192KB

MD5
222a0e1cac607c5ef74c828c6853daec

SHA1
8a3907e3e408601d04fa754e0834db2f14801a48

SHA256
1a2fb44565896f40a4c4c53b0ca5f99b9fb93b958a1fc9e6a27a6fb2f0f9dbf0

SHA512
98949b8a9ff807e62f158fd553785cbb9ee013a1fafa410d662655591abf9ed4412f71183b49fbd0673f950da5064780895e3df7c7659b3fb75a653a6bae0787

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe

Filesize
192KB

MD5
b4e8e6f891cb2472758b2718280aca9d

SHA1
79c0aa56b798bec5eae13c360ba40b306b3806f1

SHA256
42eec7f47a4fe8c4911ae250483f6e10764297e33fd12373beb5588b280c8077

SHA512
60fa6fa6bd50b5a59b4a3160ae4db4236a666296437a55e794c0013016e4aff95d7772498e00fc04c02448731df4459824400aa112d79da5c35dc0821a0abf22

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe

Filesize
192KB

MD5
80360894d62faf04cf8be4929d90ae54

SHA1
e52046f287e4b1f1e25068549284b05c5c6d348a

SHA256
fea76b1f7f83ba2c47d6adf2ebcdb4a90832c240065a8d57dead4e6631954f42

SHA512
96609215b504ad0322d8320726bd3cb548d064b1fa3b3470e93fe62150f32d98439f7170ae749b62bcce7b282d74f169524963b81f4669a3ad573d3cd81163b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe

Filesize
192KB

MD5
68432f320181bbe27964c5d940f47850

SHA1
a7f41e870d4f5e0d789c7ad8aaa4eeb6ff68e565

SHA256
8bd99d2ad73ea6f13d99dda82c578b56066cc64b130a55ae3e06e42673da5ae9

SHA512
75afd324f126eda72f5d19f0b88cfea7e2e0e122b0a7ade13a5680bdf7a6f10cee7fbb5fa4a33608cb60d79c5230090512e00a14e7d8b75d7b5f267c2866a6e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45937.exe

Filesize
192KB

MD5
b15bb3164c42cf7a293887d8729d9f10

SHA1
59bc8c39cc05a62bbc2a9796744986b05318c4c4

SHA256
6e8315ae8cb0b86f28be0fab42e6cd9d9be86346b1700b7eb86b38ce1430a012

SHA512
0ff0eab5b03d12a1d6ca803c1e13cd493f313fb01c7bc00ddd3f415a8c480e977ff9dfbd9e7acd27337555ebbbc997c2bb742467a5ee5d4898a53cffadb0b23c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46342.exe

Filesize
192KB

MD5
bd2111ddb597dc2d0fc99a32fab39424

SHA1
1800f8f4bbdb15e2ec67a657303db90b492af470

SHA256
ed94e2e97b150f31fdd0bdcfe82c38f6dfe1c6ecd049368b5c621cfc1e52b663

SHA512
16ad8902d8f1188af8a49ee58e9488fd81edcdbe810075df63d144abcff66734dee64520191d94082919b1c24f5a7b3286537ee87d01842c9e3f8dc07f1d31c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5501.exe

Filesize
192KB

MD5
7585f8d2d48ddea7564ba4cfdfded88a

SHA1
650817877c6ab624b203e37d51143c8d5f55d301

SHA256
21b1f996b14fe0f5094e2c86363e7ec1f5c4fd4476531a6bc40f1b87eb685e4a

SHA512
7935d322b649318cc695a8a6cca47bc72e9258645b86dc50234ac389f3c2d3beebd7a31b7877dc8c833f9e265ea20a1c29464e10f6c1ef32195ead51ef806d4f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63238.exe

Filesize
192KB

MD5
b943d462d59d380593310d6e0f1da995

SHA1
ea241de98238674e1c1b4d663f9777b333d3bf72

SHA256
67b73d16e9d635e444221caf390af859664a49eaeb691807a2816b5d018d3c1c

SHA512
d8d8e61d229d7fbad89665486dbd6bffd4c3e1feaa8adcf51cc7d571157e1e9bb2e4a2bfab55d36436b865ac686a8caa1bd63615ab6fca12224e5de620a97952

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63923.exe

Filesize
192KB

MD5
19bc2083b5bda9f5b0717c819c3db560

SHA1
80927b26226dee826ad9a4aee847d382b453611a

SHA256
fcc2e92a2b5b7447e855aed5a9d03bf455e61dbb635ebaf52580655d8e3b6cfa

SHA512
e007caa4cd85b501506484de5703c91b792fc5b2a29e5ca49efe2f572ef8e19d3dcfd4484a733113acc382cd9ce368a6ac3ded9afaac4a33d1cb7471b169f065

Download Submit
memory/2432-1208-0x0000000002A20000-0x0000000002B7C000-memory.dmp

Filesize
1.4MB

Download