e9fa1fcaecd79620be0a13e9388f52c93579229010308f0c78a2e29c6e9f0ae4

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25/07/2024, 15:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

def58b0dbe23eca0741a351a6f1bf790N.exe
Size

184KB
MD5

def58b0dbe23eca0741a351a6f1bf790
SHA1

ebd9daf70db68806663dae22454a57d49736212c
SHA256

e9fa1fcaecd79620be0a13e9388f52c93579229010308f0c78a2e29c6e9f0ae4
SHA512

bdfc77ebc336b7d9a0ff291342747a866c959f25cf2a6d9121ee1be7643b522f0f83e9fe40c9fcb1f24215dfc60eb4bc90fd8531d214ec04cf41ab86b862ee97
SSDEEP

3072:TwkRbxo6WJOGenFWe5Oh+oLLhljViFonn:TwQo+xnFehLLLhljViFo

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2120	Unicorn-41518.exe
2604	Unicorn-50791.exe
2364	Unicorn-61419.exe
2684	Unicorn-16049.exe
1036	Unicorn-3796.exe
2892	Unicorn-41299.exe
2992	Unicorn-27782.exe
3004	Unicorn-3832.exe
2628	Unicorn-45825.exe
2864	Unicorn-8321.exe
1964	Unicorn-36910.exe
2032	Unicorn-49484.exe
2340	Unicorn-91.exe
1832	Unicorn-45016.exe
320	Unicorn-37402.exe
904	Unicorn-36848.exe
2940	Unicorn-12898.exe
1960	Unicorn-9006.exe
1828	Unicorn-28545.exe
2128	Unicorn-511.exe
3052	Unicorn-24631.exe
928	Unicorn-340.exe
1324	Unicorn-41927.exe
3032	Unicorn-49733.exe
2316	Unicorn-29313.exe
888	Unicorn-58456.exe
2956	Unicorn-8700.exe
1592	Unicorn-53817.exe
396	Unicorn-59930.exe
2672	Unicorn-51762.exe
1368	Unicorn-27812.exe
2692	Unicorn-15005.exe
1568	Unicorn-45815.exe
612	Unicorn-57745.exe
2988	Unicorn-24819.exe
944	Unicorn-54346.exe
1976	Unicorn-506.exe
2856	Unicorn-25565.exe
3012	Unicorn-33925.exe
2968	Unicorn-37263.exe
852	Unicorn-25011.exe
1396	Unicorn-51186.exe
1784	Unicorn-18343.exe
2236	Unicorn-49707.exe
2200	Unicorn-44876.exe
1700	Unicorn-20564.exe
1164	Unicorn-58067.exe
960	Unicorn-12395.exe
1532	Unicorn-45815.exe
1040	Unicorn-29286.exe
2164	Unicorn-56744.exe
2960	Unicorn-28710.exe
2464	Unicorn-44492.exe
1276	Unicorn-45431.exe
2608	Unicorn-52852.exe
2616	Unicorn-16650.exe
1968	Unicorn-17056.exe
3020	Unicorn-21886.exe
1892	Unicorn-24840.exe
2832	Unicorn-8503.exe
1652	Unicorn-49344.exe
2880	Unicorn-20948.exe
2584	Unicorn-4611.exe
1868	Unicorn-54367.exe

Loads dropped DLL 64 IoCs

pid	Process
2488	def58b0dbe23eca0741a351a6f1bf790N.exe
2488	def58b0dbe23eca0741a351a6f1bf790N.exe
2120	Unicorn-41518.exe
2488	def58b0dbe23eca0741a351a6f1bf790N.exe
2488	def58b0dbe23eca0741a351a6f1bf790N.exe
2120	Unicorn-41518.exe
2604	Unicorn-50791.exe
2604	Unicorn-50791.exe
2364	Unicorn-61419.exe
2364	Unicorn-61419.exe
2120	Unicorn-41518.exe
2120	Unicorn-41518.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe
1036	Unicorn-3796.exe
1036	Unicorn-3796.exe
2364	Unicorn-61419.exe
2364	Unicorn-61419.exe
2604	Unicorn-50791.exe
2604	Unicorn-50791.exe
2684	Unicorn-16049.exe
2684	Unicorn-16049.exe
2892	Unicorn-41299.exe
2892	Unicorn-41299.exe
1488	WerFault.exe
1488	WerFault.exe
1488	WerFault.exe
1488	WerFault.exe
2232	WerFault.exe
2232	WerFault.exe
2232	WerFault.exe
2232	WerFault.exe
1488	WerFault.exe
2232	WerFault.exe
3004	Unicorn-3832.exe
3004	Unicorn-3832.exe
2060	WerFault.exe
2060	WerFault.exe
2060	WerFault.exe
2060	WerFault.exe
2060	WerFault.exe
2060	WerFault.exe
2628	Unicorn-45825.exe
2628	Unicorn-45825.exe
2992	Unicorn-27782.exe
2992	Unicorn-27782.exe
2684	Unicorn-16049.exe
2684	Unicorn-16049.exe
2060	WerFault.exe
1036	Unicorn-3796.exe
1964	Unicorn-36910.exe
1036	Unicorn-3796.exe
1964	Unicorn-36910.exe
2892	Unicorn-41299.exe
2892	Unicorn-41299.exe
764	WerFault.exe
764	WerFault.exe
764	WerFault.exe
764	WerFault.exe
764	WerFault.exe
2180	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2720	2488	WerFault.exe	27
2520	2120	WerFault.exe	28
1488	2604	WerFault.exe	30
2232	2364	WerFault.exe	29
2060	2864	WerFault.exe	39
764	1036	WerFault.exe	33
2180	2684	WerFault.exe	32
2352	2892	WerFault.exe	34
276	2340	WerFault.exe	45
2324	3004	WerFault.exe	37
3044	2628	WerFault.exe	38
2772	2992	WerFault.exe	36
2788	1964	WerFault.exe	40
1620	2032	WerFault.exe	43
2492	904	WerFault.exe	49
2388	320	WerFault.exe	47
1176	1832	WerFault.exe	46
2012	2940	WerFault.exe	48
2016	1960	WerFault.exe	50
2568	1976	WerFault.exe	77
2924	2128	WerFault.exe	55
2304	1828	WerFault.exe	54
1712	1324	WerFault.exe	59
2288	2956	WerFault.exe	63
2472	1592	WerFault.exe	64
2244	928	WerFault.exe	58
2292	2316	WerFault.exe	61
2724	888	WerFault.exe	62
2704	3052	WerFault.exe	57
2544	3032	WerFault.exe	60
1884	2672	WerFault.exe	69
1096	1368	WerFault.exe	68
2808	396	WerFault.exe	67
2860	2692	WerFault.exe	72
1376	1568	WerFault.exe	73
1612	2988	WerFault.exe	75
1056	944	WerFault.exe	76
1736	2856	WerFault.exe	79
2392	852	WerFault.exe	81
3544	612	WerFault.exe	74
3572	1396	WerFault.exe	82
3604	3012	WerFault.exe	78
3668	2464	WerFault.exe	99
3676	2584	WerFault.exe	111
3684	1276	WerFault.exe	100
3740	2236	WerFault.exe	85
3772	1868	WerFault.exe	110
3836	2200	WerFault.exe	87
3872	1664	WerFault.exe	117
3912	1892	WerFault.exe	106
3992	1532	WerFault.exe	93
4092	1700	WerFault.exe	89
3184	2832	WerFault.exe	107
3228	2164	WerFault.exe	97
3284	2848	WerFault.exe	128
3316	1040	WerFault.exe	95
3300	3020	WerFault.exe	105
3336	2616	WerFault.exe	102
3344	2708	WerFault.exe	119
3340	2404	WerFault.exe	148
3568	1968	WerFault.exe	103
4048	2968	WerFault.exe	80
4052	1812	WerFault.exe	115
2132	1652	WerFault.exe	109

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28535.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33064.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	def58b0dbe23eca0741a351a6f1bf790N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16667.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33043.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27782.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-204.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2488	def58b0dbe23eca0741a351a6f1bf790N.exe
2120	Unicorn-41518.exe
2604	Unicorn-50791.exe
2364	Unicorn-61419.exe
2684	Unicorn-16049.exe
1036	Unicorn-3796.exe
2892	Unicorn-41299.exe
2992	Unicorn-27782.exe
3004	Unicorn-3832.exe
2628	Unicorn-45825.exe
2864	Unicorn-8321.exe
1964	Unicorn-36910.exe
2032	Unicorn-49484.exe
2340	Unicorn-91.exe
320	Unicorn-37402.exe
1832	Unicorn-45016.exe
904	Unicorn-36848.exe
2940	Unicorn-12898.exe
1960	Unicorn-9006.exe
1828	Unicorn-28545.exe
2128	Unicorn-511.exe
3052	Unicorn-24631.exe
928	Unicorn-340.exe
1324	Unicorn-41927.exe
3032	Unicorn-49733.exe
2316	Unicorn-29313.exe
2956	Unicorn-8700.exe
888	Unicorn-58456.exe
1592	Unicorn-53817.exe
396	Unicorn-59930.exe
2672	Unicorn-51762.exe
1368	Unicorn-27812.exe
2692	Unicorn-15005.exe
1568	Unicorn-45815.exe
612	Unicorn-57745.exe
2988	Unicorn-24819.exe
944	Unicorn-54346.exe
2856	Unicorn-25565.exe
1976	Unicorn-506.exe
3012	Unicorn-33925.exe
852	Unicorn-25011.exe
1396	Unicorn-51186.exe
2968	Unicorn-37263.exe
1784	Unicorn-18343.exe
2236	Unicorn-49707.exe
2200	Unicorn-44876.exe
1164	Unicorn-58067.exe
1700	Unicorn-20564.exe
960	Unicorn-12395.exe
1532	Unicorn-45815.exe
1040	Unicorn-29286.exe
2164	Unicorn-56744.exe
2960	Unicorn-28710.exe
2464	Unicorn-44492.exe
1276	Unicorn-45431.exe
2608	Unicorn-52852.exe
2616	Unicorn-16650.exe
1968	Unicorn-17056.exe
3020	Unicorn-21886.exe
1892	Unicorn-24840.exe
2832	Unicorn-8503.exe
1652	Unicorn-49344.exe
1868	Unicorn-54367.exe
2584	Unicorn-4611.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2120	2488	def58b0dbe23eca0741a351a6f1bf790N.exe	28
PID 2488 wrote to memory of 2120	2488	def58b0dbe23eca0741a351a6f1bf790N.exe	28
PID 2488 wrote to memory of 2120	2488	def58b0dbe23eca0741a351a6f1bf790N.exe	28
PID 2488 wrote to memory of 2120	2488	def58b0dbe23eca0741a351a6f1bf790N.exe	28
PID 2488 wrote to memory of 2604	2488	def58b0dbe23eca0741a351a6f1bf790N.exe	30
PID 2488 wrote to memory of 2604	2488	def58b0dbe23eca0741a351a6f1bf790N.exe	30
PID 2488 wrote to memory of 2604	2488	def58b0dbe23eca0741a351a6f1bf790N.exe	30
PID 2488 wrote to memory of 2604	2488	def58b0dbe23eca0741a351a6f1bf790N.exe	30
PID 2120 wrote to memory of 2364	2120	Unicorn-41518.exe	29
PID 2120 wrote to memory of 2364	2120	Unicorn-41518.exe	29
PID 2120 wrote to memory of 2364	2120	Unicorn-41518.exe	29
PID 2120 wrote to memory of 2364	2120	Unicorn-41518.exe	29
PID 2488 wrote to memory of 2720	2488	def58b0dbe23eca0741a351a6f1bf790N.exe	31
PID 2488 wrote to memory of 2720	2488	def58b0dbe23eca0741a351a6f1bf790N.exe	31
PID 2488 wrote to memory of 2720	2488	def58b0dbe23eca0741a351a6f1bf790N.exe	31
PID 2488 wrote to memory of 2720	2488	def58b0dbe23eca0741a351a6f1bf790N.exe	31
PID 2604 wrote to memory of 2684	2604	Unicorn-50791.exe	32
PID 2604 wrote to memory of 2684	2604	Unicorn-50791.exe	32
PID 2604 wrote to memory of 2684	2604	Unicorn-50791.exe	32
PID 2604 wrote to memory of 2684	2604	Unicorn-50791.exe	32
PID 2364 wrote to memory of 1036	2364	Unicorn-61419.exe	33
PID 2364 wrote to memory of 1036	2364	Unicorn-61419.exe	33
PID 2364 wrote to memory of 1036	2364	Unicorn-61419.exe	33
PID 2364 wrote to memory of 1036	2364	Unicorn-61419.exe	33
PID 2120 wrote to memory of 2892	2120	Unicorn-41518.exe	34
PID 2120 wrote to memory of 2892	2120	Unicorn-41518.exe	34
PID 2120 wrote to memory of 2892	2120	Unicorn-41518.exe	34
PID 2120 wrote to memory of 2892	2120	Unicorn-41518.exe	34
PID 2120 wrote to memory of 2520	2120	Unicorn-41518.exe	35
PID 2120 wrote to memory of 2520	2120	Unicorn-41518.exe	35
PID 2120 wrote to memory of 2520	2120	Unicorn-41518.exe	35
PID 2120 wrote to memory of 2520	2120	Unicorn-41518.exe	35
PID 1036 wrote to memory of 2992	1036	Unicorn-3796.exe	36
PID 1036 wrote to memory of 2992	1036	Unicorn-3796.exe	36
PID 1036 wrote to memory of 2992	1036	Unicorn-3796.exe	36
PID 1036 wrote to memory of 2992	1036	Unicorn-3796.exe	36
PID 2364 wrote to memory of 3004	2364	Unicorn-61419.exe	37
PID 2364 wrote to memory of 3004	2364	Unicorn-61419.exe	37
PID 2364 wrote to memory of 3004	2364	Unicorn-61419.exe	37
PID 2364 wrote to memory of 3004	2364	Unicorn-61419.exe	37
PID 2604 wrote to memory of 2628	2604	Unicorn-50791.exe	38
PID 2604 wrote to memory of 2628	2604	Unicorn-50791.exe	38
PID 2604 wrote to memory of 2628	2604	Unicorn-50791.exe	38
PID 2604 wrote to memory of 2628	2604	Unicorn-50791.exe	38
PID 2684 wrote to memory of 2864	2684	Unicorn-16049.exe	39
PID 2684 wrote to memory of 2864	2684	Unicorn-16049.exe	39
PID 2684 wrote to memory of 2864	2684	Unicorn-16049.exe	39
PID 2684 wrote to memory of 2864	2684	Unicorn-16049.exe	39
PID 2892 wrote to memory of 1964	2892	Unicorn-41299.exe	40
PID 2892 wrote to memory of 1964	2892	Unicorn-41299.exe	40
PID 2892 wrote to memory of 1964	2892	Unicorn-41299.exe	40
PID 2892 wrote to memory of 1964	2892	Unicorn-41299.exe	40
PID 2604 wrote to memory of 1488	2604	Unicorn-50791.exe	41
PID 2604 wrote to memory of 1488	2604	Unicorn-50791.exe	41
PID 2604 wrote to memory of 1488	2604	Unicorn-50791.exe	41
PID 2604 wrote to memory of 1488	2604	Unicorn-50791.exe	41
PID 2364 wrote to memory of 2232	2364	Unicorn-61419.exe	42
PID 2364 wrote to memory of 2232	2364	Unicorn-61419.exe	42
PID 2364 wrote to memory of 2232	2364	Unicorn-61419.exe	42
PID 2364 wrote to memory of 2232	2364	Unicorn-61419.exe	42
PID 3004 wrote to memory of 2032	3004	Unicorn-3832.exe	43
PID 3004 wrote to memory of 2032	3004	Unicorn-3832.exe	43
PID 3004 wrote to memory of 2032	3004	Unicorn-3832.exe	43
PID 3004 wrote to memory of 2032	3004	Unicorn-3832.exe	43

C:\Users\Admin\AppData\Local\Temp\def58b0dbe23eca0741a351a6f1bf790N.exe
"C:\Users\Admin\AppData\Local\Temp\def58b0dbe23eca0741a351a6f1bf790N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3796.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29313.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24819.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52852.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24259.exe
        10⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53278.exe
        11⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
        12⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        13⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20449.exe
        14⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
        13⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
        12⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 216
        11⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
        10⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
        9⤵
        Program crash
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        9⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36755.exe
        10⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23616.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11838.exe
        12⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 188
        13⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
        12⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        11⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 216
        10⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
        9⤵
        Program crash
        
        PID:3336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
        8⤵
        Program crash
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17056.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62167.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45115.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
        11⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38035.exe
        12⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        13⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
        13⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
        12⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
        11⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
        10⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
        9⤵
        Program crash
        
        PID:3568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 236
        8⤵
        Program crash
        
        PID:1056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
        7⤵
        Program crash
        
        PID:1176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58456.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37263.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        9⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        10⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37575.exe
        11⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58445.exe
        13⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 216
        13⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        12⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
        11⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 236
        10⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        9⤵
        Program crash
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exe
        9⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
        10⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34340.exe
        11⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        12⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
        12⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        11⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
        10⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 216
        9⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        8⤵
        Program crash
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46199.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        8⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40785.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
        11⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64989.exe
        12⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 236
        11⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
        10⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 216
        9⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
        8⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
        7⤵
        Program crash
        
        PID:2724
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
        6⤵
        Program crash
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12898.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8700.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61586.exe
        9⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65333.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
        11⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
        12⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
        11⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
        10⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
        9⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 216
        8⤵
        Program crash
        
        PID:3684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 216
        7⤵
        Program crash
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33925.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49344.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1472.exe
        9⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        10⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        11⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-204.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
        13⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 236
        12⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 236
        11⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
        10⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37880.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 200
        10⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        9⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
        8⤵
        Program crash
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7024.exe
        7⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28229.exe
        8⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
        9⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        10⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65144.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3349.exe
        12⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 236
        12⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        11⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 236
        10⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        9⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
        8⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
        7⤵
        Program crash
        
        PID:3604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
        6⤵
        Program crash
        
        PID:2012
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49484.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51762.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18343.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        9⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44871.exe
        10⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51420.exe
        11⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5224.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
        13⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 236
        14⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        13⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
        12⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 216
        11⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 236
        10⤵
        Program crash
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8477.exe
        9⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58216.exe
        11⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
        13⤵
        
        PID:3124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 236
        12⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        11⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 216
        10⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
        9⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36551.exe
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37087.exe
        9⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52380.exe
        10⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe
        11⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
        12⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        13⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        12⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
        11⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 216
        10⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
        9⤵
        
        PID:3100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
        8⤵
        Program crash
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49707.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        8⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62764.exe
        11⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
        12⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
        13⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55331.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 220
        13⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
        12⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        11⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 236
        10⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
        9⤵
        Program crash
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41341.exe
        8⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
        9⤵
        Program crash
        
        PID:3340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
        8⤵
        Program crash
        
        PID:3740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
        7⤵
        Program crash
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60522.exe
        8⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25214.exe
        9⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe
        10⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-707.exe
        11⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9244.exe
        12⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
        12⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        11⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
        10⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
        9⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
        8⤵
        Program crash
        
        PID:3836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 236
        7⤵
        Program crash
        
        PID:1096
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
        6⤵
        Program crash
        
        PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-511.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20564.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        9⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34581.exe
        10⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
        11⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60552.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
        12⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 236
        11⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
        10⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 236
        9⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
        8⤵
        Program crash
        
        PID:4092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 236
        7⤵
        Program crash
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58067.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        8⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36755.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
        10⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe
        11⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53842.exe
        12⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 236
        12⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
        11⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        10⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 236
        9⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
        8⤵
        Program crash
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29281.exe
        7⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
        8⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56545.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        10⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53889.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
        10⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 236
        9⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 216
        8⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 240
        7⤵
        
        PID:3612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        6⤵
        Program crash
        
        PID:2924
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
        5⤵
        Program crash
        
        PID:2324
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41299.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36910.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45815.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56744.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        9⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64191.exe
        10⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62785.exe
        11⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
        12⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 240
        13⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 236
        12⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        11⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9830.exe
        12⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2472.exe
        13⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 236
        13⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 236
        12⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 240
        11⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
        10⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
        9⤵
        Program crash
        
        PID:3228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
        8⤵
        Program crash
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
        8⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12053.exe
        9⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3452.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
        11⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        12⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
        11⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 236
        10⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        9⤵
        
        PID:1280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
        8⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 240
        7⤵
        Program crash
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57745.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44492.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63101.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1311.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54553.exe
        12⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
        12⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        11⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        10⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 236
        9⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        8⤵
        Program crash
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        7⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27305.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19511.exe
        9⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
        10⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
        11⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 236
        11⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 236
        10⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
        9⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 236
        8⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 240
        7⤵
        Program crash
        
        PID:3544
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 240
        6⤵
        Program crash
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41927.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29286.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        7⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58114.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43844.exe
        10⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
        11⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2804.exe
        12⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
        12⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        11⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
        10⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
        9⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
        8⤵
        Program crash
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35285.exe
        7⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44923.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        9⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
        10⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30993.exe
        11⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55944.exe
        12⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 236
        11⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 236
        10⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
        9⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
        8⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
        7⤵
        Program crash
        
        PID:3316
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 216
        6⤵
        Program crash
        
        PID:1712
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        5⤵
        Program crash
        
        PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9006.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25011.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20948.exe
        7⤵
        Executes dropped EXE
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
        8⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6106.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23738.exe
        10⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
        11⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 236
        10⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
        9⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 216
        8⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 236
        7⤵
        Program crash
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54367.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
        7⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18945.exe
        8⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40144.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
        10⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2804.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
        11⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 236
        10⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        9⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
        8⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 216
        7⤵
        Program crash
        
        PID:3772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
        6⤵
        Program crash
        
        PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24840.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4985.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41981.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43411.exe
        10⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
        11⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
        10⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        9⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 216
        8⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 236
        7⤵
        Program crash
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15192.exe
        6⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59785.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54596.exe
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57116.exe
        9⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7635.exe
        10⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
        10⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
        9⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        8⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
        7⤵
        
        PID:4340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 240
        6⤵
        Program crash
        
        PID:3572
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
        5⤵
        Program crash
        
        PID:2016
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
      4⤵
      Program crash
      PID:2352
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50791.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50791.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2864
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37402.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49733.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-506.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
        7⤵
        Program crash
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8690.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44923.exe
        8⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51244.exe
        9⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9259.exe
        10⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8533.exe
        11⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 236
        11⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
        10⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
        9⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        8⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
        7⤵
        Program crash
        
        PID:3300
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
        6⤵
        Program crash
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25565.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8503.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33387.exe
        7⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26558.exe
        8⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17044.exe
        10⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58445.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        11⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        10⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
        9⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
        8⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
        7⤵
        Program crash
        
        PID:3184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
        6⤵
        Program crash
        
        PID:1736
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
        5⤵
        Program crash
        
        PID:2388
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2340
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        5⤵
        Program crash
        
        PID:276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15005.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12395.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
        7⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46973.exe
        8⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58216.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15040.exe
        10⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50708.exe
        11⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 236
        10⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 236
        9⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 216
        8⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 236
        7⤵
        
        PID:3824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
        6⤵
        Program crash
        
        PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45815.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17243.exe
        6⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        7⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17840.exe
        8⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36504.exe
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33064.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        10⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
        9⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        8⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
        7⤵
        
        PID:4708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
        6⤵
        Program crash
        
        PID:3992
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        5⤵
        Program crash
        
        PID:2704
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
      4⤵
      Program crash
      PID:3044
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1488
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
  2⤵
  - Program crash
  PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe

Filesize
184KB

MD5
cee1e0123debc4be696ec8dbce91554f

SHA1
3102327c6ed043a10ce2c76469194d6f5be77b97

SHA256
2cfc961a8f976d137692e2fe80d994bd11a9d20e515a5a9be26df4db269a8fce

SHA512
2bb54b86deda9553db67a8203c972d65ad7fea09f20f5dd7e4f131f86c08abeb3f6bb11f085970a74523d714a139e08209796329593397065d6ae3c4d78f6a7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe

Filesize
184KB

MD5
f6abe1ba52e465d964431ddede28b517

SHA1
da55f3acc3181a6b2679af96cef816307611f0fa

SHA256
bc2c2188637cb5029b7e2758ae44c9730262ed32fb70407067c6a23087edd6a2

SHA512
db4afb60b6f4414b626e0ee267dc7d5f6678ad633b07195f1f64d6ac85ccb6f34b44728b590ee62206ac35e1ff5cb3697d68a973b78521814ca4d8de3555daa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36910.exe

Filesize
184KB

MD5
ed12bde82b8bbe9de197f8c35d7c421f

SHA1
70d93ea9e21509734c48699baa234b1d39b8a212

SHA256
c3829f61f2e33b87f7f2c3f4f39c1f1977f76cac77506582e4df42ebeb245cac

SHA512
8bf7a71fe6254bafeadba777781b3bb33063d42cf0c7185e309f9167d7a9130d357798e787c32d84a86369b4ddb54346e6073b96d318b06fadc6edf92b72bfa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3796.exe

Filesize
184KB

MD5
2e3c879d3804acd9a89cb3c9ca7d78a8

SHA1
f2ac0b8adbe71655840fa06d747032f4105590b4

SHA256
0cab1cd04889dcf6e6bfbcdaa6299317f916cb41b8d33af40a3db51849784c31

SHA512
19b1c7babe5ab3175cb54fd31c29426f12564023414eff58a66260443d74d70591eab8d6fd321c7c44ad370e60e7a78547fe70a051c3e2c36b3cff3f90630944

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55331.exe

Filesize
184KB

MD5
e39323f9cfdc035b00fbff92dc7f6b11

SHA1
df927435bd983059bca21e1b2271d72e95b6f32f

SHA256
6056ee57471ad7bdc169814ee4dba9ccecc2c0ddcbb70b03561ec62819012104

SHA512
09b2cc75b331048d3f76ed908481660f0629eb126a73b8cb9cf1e24c32c67c66ed7346be82d07eb8b65640af557b95418974f007aa77c4247cff01476c500e93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe

Filesize
184KB

MD5
4a488118bfe4978a9c6b073670aa9244

SHA1
6a853e5f008b6e4d39b71523dcdfad8672fcc616

SHA256
f1a014c0fef475195a172db50e65e303aca7078e6d71ea26e655338a66ca0b3d

SHA512
97e2391653fdb88782dab68d8d092f49ee9f044332ee7f07b77e295de84b1d25b7853c5c9bf6d6d053735add8c47bc10ec70cf4cfb65d3f8fc576c62fbeb8e74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe

Filesize
184KB

MD5
04509dca8aaf768ff0ece7eef2972c2f

SHA1
da1a5f279f434bbb353a606ba42b2df915fd9426

SHA256
f944f4890c6a161de7278bd9ba89bf132c10befd9b577a954de4aa0ba04c1e04

SHA512
b43260437da1cec2241ed3724996c04eb2b1b67802d1a41a30ca67f2b684143c1ea5af93f204f55cc81d2075ba781152ddad8401c1d6536cc9a549f12cff72e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe

Filesize
184KB

MD5
2971fedacf404fcbe81571005bccc8d2

SHA1
05dd9a4e901ac7f1e99a08941bb3d385e2c4d7e5

SHA256
dba4c0cb3a94a8c376f4c9c26fbcb8b27bdd7a9719ea8cf454b53f18e06970f5

SHA512
09ebdc547c111d437519377d2b5a7a94467efef3debd65e3fa6a3fac426254a598942c7c968361ed7e5003d28ae2b8321b79da6b164f51b19a18dc6bf8ed680c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe

Filesize
184KB

MD5
a4820605ba6e723201ce3c1e17caa669

SHA1
94b10e7bc60aab1cfcbe6b1fa0786e53fa55e111

SHA256
13b1f590c6df0a0b84cb6c4eeef3eff7c1bbaa7b16394335bd5b6af133abf059

SHA512
636a0292181d92ffd382371b318c6950d47f657bd069abe99c98bfb713cb3b03b4a305fa28911e7f899716f5e6ecc3a1117f3c8bbc3849dc3f83d30a23db8659

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe

Filesize
184KB

MD5
891a592cfdcb3b73dfc9071d22994812

SHA1
f9b5cd80b475521549e457cf073bd76abc1d1cc6

SHA256
f8ec8c47b576a33140351ce9defa0070a3e6d0c01b38a3cecdb8548e3cadb1fb

SHA512
0da2be7b694162e024eeeb80427637b85d943ce92934e7714939d23e021892e840eb02104c4eb7440e671d5d57278b5456d6ff99162d69d2e741abc54d1dcb88

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3832.exe

Filesize
184KB

MD5
a25a14b400f93908cc9b0511fa19513a

SHA1
448ed8dc2f3c8498d786ec061d0104ec4f92e694

SHA256
235871f8645ec2345637545b59faa2e32155cdce85dc84661b0b03a6f91b69f8

SHA512
2c47fe73d3d73e12bd87f666e1c0a5dbaf602ebaf1674dc066b9ceada10fd81eeb596e465f9ecd0a73fbf812454373318abe76913416348fec890a98286336ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41299.exe

Filesize
184KB

MD5
6b683fde031be18eaff1919195e0992a

SHA1
ab3b8c6d7622022ec4513dbdca233397b43527bf

SHA256
899ecc5fa6b8f6618f4c83a49444cffece677df23ab0c8a491c8fbe3c04106dd

SHA512
fb7aad1a3e46ea0cba684d2e47f860f0d447e5a8c8cd203ce12b07c244b53e2125d94fcff98cd98a1b7f684dfa00a927718f160748cab224496640c0133787ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41518.exe

Filesize
184KB

MD5
173e140d9f4072db5854120ac8d4baff

SHA1
3e3ec9ee2f6c84764624f5b65a7f973971058cff

SHA256
8320b4ad7abe9606c05cf38e4f147838f1f17fc5d83e87d4baa2dd9e220dbdbd

SHA512
7c5550cbe0cd181f122d5174f07cf15f88cb39665796e742e1d6dddaac0f95c0f38b1ec03bf8a1098221ce175d5f078af6c319b5279f034b228cdd927821ff94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe

Filesize
184KB

MD5
b70c86eea4bb46082a0718f5b8cbad6a

SHA1
896cdfada2d7326d318dd34f3ea1436dd41cd101

SHA256
f36cfd4604c158acc9cac340f060ede424b6b2a865664cadc97f13040e58ecb3

SHA512
0455c43d873c957946fa361721589b0bd0fc6a12b4a3c9e374c861d73b1b57228151123dfca5b0355167407cf4d5c9775d9b0ad4e53d4f5491472ab5979db963

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49484.exe

Filesize
184KB

MD5
e17d9aced4b257bcf28251a0f72490ea

SHA1
36210090fcc412c219d79451bb8f0069234ced3f

SHA256
d7bd2af703db97793214ad9bcb8ec25af34acb3074402ed985b62cc2726ca68a

SHA512
d5c494d67010496f0ce71e97955e14ad78d77c1cb2549cbc2dfb4e488f794eecfd2e76e14d56e9c1e53986840a9a06005fb16d42d4bc10fbc4531c42b6f0a4e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50791.exe

Filesize
184KB

MD5
126c611fa1de9ea76814572924edfbc4

SHA1
ec1163adac6baad0eb7164fcfc7a67da1dc32b7f

SHA256
62ac749cd4768b1f0813f81623357bbd0c2cc6e2440419100e213fc95070113b

SHA512
e4ac47c3d1186ec4e1cc2877c9eb9e6a9da4d828179f42dfa333f5d03e7fff5836bc872f5d9edf51b3df6f85869e233622f0993b92d1844845e010b74ce0d84f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe

Filesize
184KB

MD5
c63954ce136c18c846269704f6546774

SHA1
01a8120b68b9543253864d7e300992a2987f3526

SHA256
f3ba3621e43bc4c01df9f1594fef23c98ae6630172feb923c6099c819ce3ffef

SHA512
0672fc9855b912eec71c49e3a58781b76d00a58b278534b13e9b1d1f703c4b533213dbfe0925d1f82fbc4695f048d712fb1bfed05e0076d1082cf13d93c8f3e2

Download Submit