d58dcc8b3b75b44dbb3240abc30ffa73ea15cc5464db1e910708fac9ec7450ec

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 00:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7f22deb1d5385f2c1c0b6b008e1c190N.exe
Size

468KB
MD5

a7f22deb1d5385f2c1c0b6b008e1c190
SHA1

1b9afa08b6897ba1cf58475cadbcaa5b42e96dc6
SHA256

d58dcc8b3b75b44dbb3240abc30ffa73ea15cc5464db1e910708fac9ec7450ec
SHA512

b6a4c20b08bd3bc9fcbb573286bbbee199b32cc55ec66024f0cfcf259dba3b33881137c6121b7baffae7eae639571910dcc90cbca237f7ee42efab88fd130587
SSDEEP

3072:1cyOogId105UtbYJHzVjcf8/EChCPIpCnLHewVPsz8QLcZ/uYZl5:1c7o98UtOH5jcff0T/z8ao/uY

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1720	Unicorn-7940.exe
2400	Unicorn-65445.exe
1672	Unicorn-19250.exe
2272	Unicorn-47933.exe
2212	Unicorn-25846.exe
2456	Unicorn-9296.exe
2704	Unicorn-15426.exe
2208	Unicorn-32408.exe
2508	Unicorn-6458.exe
2500	Unicorn-20180.exe
2988	Unicorn-2473.exe
1512	Unicorn-45265.exe
1856	Unicorn-37428.exe
584	Unicorn-39400.exe
1776	Unicorn-47404.exe
1144	Unicorn-23153.exe
2816	Unicorn-13346.exe
2804	Unicorn-54336.exe
2584	Unicorn-43082.exe
2748	Unicorn-16548.exe
2968	Unicorn-58103.exe
1084	Unicorn-2842.exe
1612	Unicorn-51959.exe
2980	Unicorn-28444.exe
1908	Unicorn-5628.exe
880	Unicorn-8565.exe
1768	Unicorn-28431.exe
2448	Unicorn-39406.exe
2904	Unicorn-12937.exe
304	Unicorn-58085.exe
2192	Unicorn-47141.exe
1592	Unicorn-4420.exe
2408	Unicorn-58179.exe
2420	Unicorn-9891.exe
2288	Unicorn-52035.exe
2332	Unicorn-46415.exe
860	Unicorn-11583.exe
2668	Unicorn-2699.exe
2632	Unicorn-40795.exe
2596	Unicorn-27996.exe
2592	Unicorn-55655.exe
2356	Unicorn-35265.exe
2512	Unicorn-14420.exe
2536	Unicorn-517.exe
1780	Unicorn-8800.exe
1688	Unicorn-42707.exe
2484	Unicorn-13694.exe
3040	Unicorn-13694.exe
976	Unicorn-8088.exe
2300	Unicorn-39045.exe
1808	Unicorn-36361.exe
1608	Unicorn-47602.exe
1940	Unicorn-1930.exe
1072	Unicorn-58537.exe
2852	Unicorn-11673.exe
2796	Unicorn-4464.exe
3024	Unicorn-46473.exe
1132	Unicorn-2793.exe
1972	Unicorn-7822.exe
924	Unicorn-53494.exe
1772	Unicorn-26819.exe
2468	Unicorn-35498.exe
1028	Unicorn-8087.exe
2224	Unicorn-47286.exe

Loads dropped DLL 64 IoCs

pid	Process
2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe
2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe
1720	Unicorn-7940.exe
2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe
2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe
1720	Unicorn-7940.exe
1672	Unicorn-19250.exe
1720	Unicorn-7940.exe
1720	Unicorn-7940.exe
1672	Unicorn-19250.exe
2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe
2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe
2400	Unicorn-65445.exe
2400	Unicorn-65445.exe
2272	Unicorn-47933.exe
2272	Unicorn-47933.exe
1672	Unicorn-19250.exe
1672	Unicorn-19250.exe
2456	Unicorn-9296.exe
2456	Unicorn-9296.exe
2212	Unicorn-25846.exe
2212	Unicorn-25846.exe
2400	Unicorn-65445.exe
2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe
1720	Unicorn-7940.exe
2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe
2400	Unicorn-65445.exe
1720	Unicorn-7940.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2208	Unicorn-32408.exe
2208	Unicorn-32408.exe
2272	Unicorn-47933.exe
2272	Unicorn-47933.exe
2508	Unicorn-6458.exe
2508	Unicorn-6458.exe
1672	Unicorn-19250.exe
1672	Unicorn-19250.exe
2500	Unicorn-20180.exe
2500	Unicorn-20180.exe
2456	Unicorn-9296.exe
2456	Unicorn-9296.exe
1512	Unicorn-45265.exe
1512	Unicorn-45265.exe
2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe
2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe
1856	Unicorn-37428.exe
1856	Unicorn-37428.exe
2400	Unicorn-65445.exe
2400	Unicorn-65445.exe
2988	Unicorn-2473.exe
2988	Unicorn-2473.exe
2212	Unicorn-25846.exe
2212	Unicorn-25846.exe
584	Unicorn-39400.exe
584	Unicorn-39400.exe
1720	Unicorn-7940.exe
1720	Unicorn-7940.exe
1776	Unicorn-47404.exe
1776	Unicorn-47404.exe
2208	Unicorn-32408.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2184	2704	WerFault.exe	36
292	2448	WerFault.exe	58
1068	2512	WerFault.exe	73
2696	1972	WerFault.exe	91
1488	2852	WerFault.exe	86
468	924	WerFault.exe	90
3064	1612	WerFault.exe	53
2092	2880	WerFault.exe	103
1312	268	WerFault.exe	122
2740	2332	WerFault.exe	66
3068	2656	WerFault.exe	132
2052	1776	WerFault.exe	45
2708	304	WerFault.exe	60
2496	1904	WerFault.exe	119
3600	1968	WerFault.exe	110
3592	2860	WerFault.exe	115
3776	1340	WerFault.exe	120
4052	2760	WerFault.exe	130
3740	2988	WerFault.exe	41
4044	2468	WerFault.exe	93
3972	1768	WerFault.exe	57
3976	1028	WerFault.exe	94
3940	2408	WerFault.exe	63
3620	2804	WerFault.exe	48
3432	3420	WerFault.exe	228
4476	1716	WerFault.exe	102
4580	448	WerFault.exe	152
4572	2412	WerFault.exe	158
4564	2788	WerFault.exe	153
4556	2664	WerFault.exe	151
4548	3044	WerFault.exe	161
4836	2600	WerFault.exe	133
4960	1628	WerFault.exe	111
5024	1072	WerFault.exe	85
5040	2596	WerFault.exe	70
5008	2668	WerFault.exe	68
4972	1940	WerFault.exe	84
4988	2500	WerFault.exe	39
5072	1984	WerFault.exe	116
5064	696	WerFault.exe	118
5056	2780	WerFault.exe	114
4648	2252	WerFault.exe	101
4512	1316	WerFault.exe	124
4708	768	WerFault.exe	135
4736	2004	WerFault.exe	134
4304	3040	WerFault.exe	78
4136	3024	WerFault.exe	89
4224	2288	WerFault.exe	65
4532	2428	WerFault.exe	98
4352	2112	WerFault.exe	100
4504	1688	WerFault.exe	76
4164	2300	WerFault.exe	80
4732	2796	WerFault.exe	87
1432	2904	WerFault.exe	59
4896	2192	WerFault.exe	61
5300	1748	WerFault.exe	149
5316	2224	WerFault.exe	95
5328	2188	WerFault.exe	121
5384	2248	WerFault.exe	125
5420	1660	WerFault.exe	143
5432	2768	WerFault.exe	145
5780	3020	WerFault.exe	117
5832	2256	WerFault.exe	96
5976	684	WerFault.exe	156

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34066.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42602.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41137.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15603.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44716.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59629.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31707.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe
1720	Unicorn-7940.exe
1672	Unicorn-19250.exe
2400	Unicorn-65445.exe
2272	Unicorn-47933.exe
2212	Unicorn-25846.exe
2704	Unicorn-15426.exe
2456	Unicorn-9296.exe
2208	Unicorn-32408.exe
2508	Unicorn-6458.exe
2500	Unicorn-20180.exe
1512	Unicorn-45265.exe
2988	Unicorn-2473.exe
1856	Unicorn-37428.exe
584	Unicorn-39400.exe
1776	Unicorn-47404.exe
1144	Unicorn-23153.exe
2816	Unicorn-13346.exe
2804	Unicorn-54336.exe
2584	Unicorn-43082.exe
2748	Unicorn-16548.exe
2968	Unicorn-58103.exe
1084	Unicorn-2842.exe
1612	Unicorn-51959.exe
880	Unicorn-8565.exe
1768	Unicorn-28431.exe
1908	Unicorn-5628.exe
2980	Unicorn-28444.exe
2448	Unicorn-39406.exe
2904	Unicorn-12937.exe
304	Unicorn-58085.exe
2192	Unicorn-47141.exe
1592	Unicorn-4420.exe
2408	Unicorn-58179.exe
2420	Unicorn-9891.exe
2288	Unicorn-52035.exe
2332	Unicorn-46415.exe
860	Unicorn-11583.exe
2668	Unicorn-2699.exe
2632	Unicorn-40795.exe
2596	Unicorn-27996.exe
2592	Unicorn-55655.exe
2356	Unicorn-35265.exe
2512	Unicorn-14420.exe
1780	Unicorn-8800.exe
2536	Unicorn-517.exe
1688	Unicorn-42707.exe
3040	Unicorn-13694.exe
2484	Unicorn-13694.exe
976	Unicorn-8088.exe
2300	Unicorn-39045.exe
1940	Unicorn-1930.exe
1808	Unicorn-36361.exe
1608	Unicorn-47602.exe
1072	Unicorn-58537.exe
2852	Unicorn-11673.exe
2796	Unicorn-4464.exe
3024	Unicorn-46473.exe
1132	Unicorn-2793.exe
1972	Unicorn-7822.exe
924	Unicorn-53494.exe
1772	Unicorn-26819.exe
2468	Unicorn-35498.exe
1028	Unicorn-8087.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 1720	2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	28
PID 2956 wrote to memory of 1720	2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	28
PID 2956 wrote to memory of 1720	2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	28
PID 2956 wrote to memory of 1720	2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	28
PID 2956 wrote to memory of 2400	2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	30
PID 2956 wrote to memory of 2400	2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	30
PID 2956 wrote to memory of 2400	2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	30
PID 2956 wrote to memory of 2400	2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	30
PID 1720 wrote to memory of 1672	1720	Unicorn-7940.exe	29
PID 1720 wrote to memory of 1672	1720	Unicorn-7940.exe	29
PID 1720 wrote to memory of 1672	1720	Unicorn-7940.exe	29
PID 1720 wrote to memory of 1672	1720	Unicorn-7940.exe	29
PID 1720 wrote to memory of 2212	1720	Unicorn-7940.exe	34
PID 1720 wrote to memory of 2212	1720	Unicorn-7940.exe	34
PID 1720 wrote to memory of 2212	1720	Unicorn-7940.exe	34
PID 1720 wrote to memory of 2212	1720	Unicorn-7940.exe	34
PID 1672 wrote to memory of 2272	1672	Unicorn-19250.exe	33
PID 1672 wrote to memory of 2272	1672	Unicorn-19250.exe	33
PID 1672 wrote to memory of 2272	1672	Unicorn-19250.exe	33
PID 1672 wrote to memory of 2272	1672	Unicorn-19250.exe	33
PID 2956 wrote to memory of 2456	2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	35
PID 2956 wrote to memory of 2456	2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	35
PID 2956 wrote to memory of 2456	2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	35
PID 2956 wrote to memory of 2456	2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	35
PID 2400 wrote to memory of 2704	2400	Unicorn-65445.exe	36
PID 2400 wrote to memory of 2704	2400	Unicorn-65445.exe	36
PID 2400 wrote to memory of 2704	2400	Unicorn-65445.exe	36
PID 2400 wrote to memory of 2704	2400	Unicorn-65445.exe	36
PID 2272 wrote to memory of 2208	2272	Unicorn-47933.exe	37
PID 2272 wrote to memory of 2208	2272	Unicorn-47933.exe	37
PID 2272 wrote to memory of 2208	2272	Unicorn-47933.exe	37
PID 2272 wrote to memory of 2208	2272	Unicorn-47933.exe	37
PID 1672 wrote to memory of 2508	1672	Unicorn-19250.exe	38
PID 1672 wrote to memory of 2508	1672	Unicorn-19250.exe	38
PID 1672 wrote to memory of 2508	1672	Unicorn-19250.exe	38
PID 1672 wrote to memory of 2508	1672	Unicorn-19250.exe	38
PID 2456 wrote to memory of 2500	2456	Unicorn-9296.exe	39
PID 2456 wrote to memory of 2500	2456	Unicorn-9296.exe	39
PID 2456 wrote to memory of 2500	2456	Unicorn-9296.exe	39
PID 2456 wrote to memory of 2500	2456	Unicorn-9296.exe	39
PID 2704 wrote to memory of 2184	2704	Unicorn-15426.exe	40
PID 2704 wrote to memory of 2184	2704	Unicorn-15426.exe	40
PID 2704 wrote to memory of 2184	2704	Unicorn-15426.exe	40
PID 2704 wrote to memory of 2184	2704	Unicorn-15426.exe	40
PID 2212 wrote to memory of 2988	2212	Unicorn-25846.exe	41
PID 2212 wrote to memory of 2988	2212	Unicorn-25846.exe	41
PID 2212 wrote to memory of 2988	2212	Unicorn-25846.exe	41
PID 2212 wrote to memory of 2988	2212	Unicorn-25846.exe	41
PID 2956 wrote to memory of 1512	2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	43
PID 2956 wrote to memory of 1512	2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	43
PID 2956 wrote to memory of 1512	2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	43
PID 2956 wrote to memory of 1512	2956	a7f22deb1d5385f2c1c0b6b008e1c190N.exe	43
PID 2400 wrote to memory of 1856	2400	Unicorn-65445.exe	42
PID 2400 wrote to memory of 1856	2400	Unicorn-65445.exe	42
PID 2400 wrote to memory of 1856	2400	Unicorn-65445.exe	42
PID 2400 wrote to memory of 1856	2400	Unicorn-65445.exe	42
PID 1720 wrote to memory of 584	1720	Unicorn-7940.exe	44
PID 1720 wrote to memory of 584	1720	Unicorn-7940.exe	44
PID 1720 wrote to memory of 584	1720	Unicorn-7940.exe	44
PID 1720 wrote to memory of 584	1720	Unicorn-7940.exe	44
PID 2208 wrote to memory of 1776	2208	Unicorn-32408.exe	45
PID 2208 wrote to memory of 1776	2208	Unicorn-32408.exe	45
PID 2208 wrote to memory of 1776	2208	Unicorn-32408.exe	45
PID 2208 wrote to memory of 1776	2208	Unicorn-32408.exe	45

C:\Users\Admin\AppData\Local\Temp\a7f22deb1d5385f2c1c0b6b008e1c190N.exe
"C:\Users\Admin\AppData\Local\Temp\a7f22deb1d5385f2c1c0b6b008e1c190N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7940.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7940.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19250.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47933.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32408.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47404.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4464.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61878.exe
        9⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 224
        10⤵
        Program crash
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17230.exe
        9⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 244
        9⤵
        Program crash
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35868.exe
        8⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19134.exe
        9⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        9⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        9⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 248
        9⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
        8⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 248
        8⤵
        Program crash
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53946.exe
        8⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39104.exe
        9⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 216
        9⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21801.exe
        8⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 248
        8⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
        7⤵
        Program crash
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7822.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
        8⤵
        Program crash
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33933.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 224
        8⤵
        Program crash
        
        PID:3068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
        7⤵
        Program crash
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26819.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32733.exe
        7⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27076.exe
        8⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38975.exe
        8⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28709.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
        8⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
        8⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8336.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4305.exe
        7⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
        7⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        6⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63822.exe
        7⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        7⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        7⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18960.exe
        7⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
        7⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27442.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        6⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31548.exe
        6⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32209.exe
        6⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64602.exe
        6⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46473.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31345.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21883.exe
        9⤵
        
        PID:3688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 228
        9⤵
        Program crash
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20557.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        8⤵
        Program crash
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1739.exe
        7⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
        8⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
        8⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30588.exe
        8⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22940.exe
        8⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 224
        8⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43254.exe
        7⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 236
        7⤵
        Program crash
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53494.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 220
        7⤵
        Program crash
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
        6⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12146.exe
        7⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 228
        7⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        6⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37607.exe
        6⤵
        
        PID:5108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 248
        6⤵
        
        PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4420.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8087.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50638.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35925.exe
        8⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 228
        8⤵
        Program crash
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 216
        7⤵
        Program crash
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45934.exe
        6⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6.exe
        7⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1496.exe
        7⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 224
        7⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34569.exe
        6⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54965.exe
        6⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12874.exe
        6⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29720.exe
        6⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12611.exe
        6⤵
        
        PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        5⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        6⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59369.exe
        7⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 216
        7⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4247.exe
        6⤵
        
        PID:3840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 244
        6⤵
        Program crash
        
        PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18439.exe
        5⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62626.exe
        6⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
        6⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4083.exe
        6⤵
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20925.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33412.exe
        5⤵
        
        PID:7084
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 244
        5⤵
        
        PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13346.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58179.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28297.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
        9⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46622.exe
        9⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19550.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48522.exe
        9⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        8⤵
        Program crash
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27113.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        8⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 228
        8⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
        7⤵
        Program crash
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
        6⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        8⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32767.exe
        8⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
        8⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5661.exe
        8⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21801.exe
        7⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 216
        7⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        6⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28480.exe
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35155.exe
        7⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
        7⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21867.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
        6⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
        6⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23571.exe
        6⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
        6⤵
        
        PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9891.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
        6⤵
        Executes dropped EXE
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6156.exe
        7⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12334.exe
        8⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
        8⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48891.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
        8⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18127.exe
        7⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 224
        7⤵
        Program crash
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40224.exe
        6⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52987.exe
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
        7⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3223.exe
        7⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47771.exe
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27667.exe
        6⤵
        
        PID:5444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 244
        6⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        5⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15752.exe
        6⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58538.exe
        7⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 244
        7⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40742.exe
        6⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        6⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21539.exe
        6⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46256.exe
        6⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31080.exe
        5⤵
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
        6⤵
        
        PID:3996
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 248
        6⤵
        Program crash
        
        PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31492.exe
        5⤵
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        5⤵
        
        PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13404.exe
        5⤵
        
        PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25255.exe
        5⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
        5⤵
        
        PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52035.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
        6⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46722.exe
        7⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25856.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        8⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
        8⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35070.exe
        8⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34565.exe
        8⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12647.exe
        7⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 244
        7⤵
        Program crash
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
        6⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21883.exe
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8066.exe
        7⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
        7⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61875.exe
        7⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25400.exe
        7⤵
        
        PID:8884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34292.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
        6⤵
        Program crash
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
        5⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48617.exe
        6⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 224
        7⤵
        Program crash
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17230.exe
        6⤵
        
        PID:3168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 244
        6⤵
        Program crash
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        5⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
        6⤵
        
        PID:4256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 228
        6⤵
        
        PID:5968
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 248
        5⤵
        Program crash
        
        PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11583.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
        5⤵
        
        PID:1340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 220
        6⤵
        Program crash
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8370.exe
        5⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56212.exe
        6⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
        6⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33249.exe
        5⤵
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        5⤵
        
        PID:5856
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
        5⤵
        
        PID:7200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38212.exe
      4⤵
      PID:268
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 224
        5⤵
        Program crash
        
        PID:1312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18490.exe
      4⤵
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40394.exe
        5⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20082.exe
        5⤵
        
        PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
        5⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34066.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18876.exe
      4⤵
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63538.exe
      4⤵
      PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4682.exe
      4⤵
      PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31074.exe
      4⤵
      PID:8144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41066.exe
      4⤵
      PID:8836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25846.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25846.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39045.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe
        8⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        8⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17230.exe
        7⤵
        
        PID:3184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 224
        7⤵
        Program crash
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        6⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 224
        7⤵
        Program crash
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6913.exe
        6⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46273.exe
        6⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        6⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25076.exe
        6⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
        6⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39532.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17306.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 216
        7⤵
        Program crash
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8160.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6316
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 244
        6⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17517.exe
        5⤵
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26664.exe
        6⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
        6⤵
        
        PID:4176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 224
        6⤵
        
        PID:5764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
        5⤵
        Program crash
        
        PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8565.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13694.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
        6⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54717.exe
        7⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 224
        7⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        6⤵
        
        PID:3888
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 244
        6⤵
        Program crash
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9126.exe
        5⤵
        
        PID:1176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47534.exe
        6⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35364.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
        6⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54921.exe
        6⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        6⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24693.exe
        5⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50964.exe
        5⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        5⤵
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5391.exe
        5⤵
        
        PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8088.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49893.exe
        5⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12065.exe
        6⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12642.exe
        7⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        7⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 240
        7⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
        6⤵
        
        PID:3316
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 220
        6⤵
        Program crash
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2915.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        5⤵
        
        PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
        5⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
        5⤵
        
        PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32669.exe
        5⤵
        
        PID:9116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21833.exe
      4⤵
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe
        5⤵
        
        PID:296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46920.exe
        6⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14722.exe
        6⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54717.exe
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53764.exe
        5⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19813.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4861.exe
        5⤵
        
        PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15603.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29641.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
      4⤵
      PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51494.exe
      4⤵
      PID:6280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55684.exe
      4⤵
      PID:7728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44062.exe
      4⤵
      PID:8196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
      4⤵
      PID:9068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39400.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28431.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13694.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21520.exe
        6⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27370.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38436.exe
        8⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30202.exe
        8⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
        8⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26525.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54011.exe
        7⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63078.exe
        7⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 244
        7⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        6⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41822.exe
        7⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50840.exe
        7⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12160.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        6⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2415.exe
        6⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29555.exe
        6⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43915.exe
        6⤵
        
        PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
        5⤵
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51888.exe
        6⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18787.exe
        7⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 248
        7⤵
        Program crash
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17230.exe
        6⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40408.exe
        6⤵
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        6⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53210.exe
        6⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
        5⤵
        
        PID:2664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 224
        6⤵
        Program crash
        
        PID:4556
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
        5⤵
        Program crash
        
        PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22099.exe
        5⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
        6⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        7⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
        6⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20370.exe
        6⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23335.exe
        6⤵
        
        PID:7328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 224
        6⤵
        
        PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24850.exe
        5⤵
        
        PID:3420
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 224
        6⤵
        Program crash
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12684.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59876.exe
        5⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
        5⤵
        
        PID:7092
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 248
        5⤵
        
        PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
      4⤵
      PID:2760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 220
        5⤵
        Program crash
        
        PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
      4⤵
      PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-115.exe
      4⤵
      PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34428.exe
      4⤵
      PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11678.exe
      4⤵
      PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
      4⤵
      PID:9200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2448
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 224
      4⤵
      Program crash
      PID:292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2071.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        5⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20492.exe
        6⤵
        
        PID:9088
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 216
        5⤵
        Program crash
        
        PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46592.exe
      4⤵
      PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18819.exe
        5⤵
        
        PID:8280
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 244
      4⤵
      Program crash
      PID:5024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14066.exe
    3⤵
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3444
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 216
      4⤵
      Program crash
      PID:4736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28795.exe
    3⤵
    PID:4332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24628.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54549.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54549.exe
    3⤵
    PID:7648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20527.exe
    3⤵
    PID:7512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29603.exe
    3⤵
    PID:8960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65445.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65445.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2704
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:2184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37428.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51959.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8800.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 220
        7⤵
        Program crash
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        6⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49616.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24496.exe
        7⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47046.exe
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58576.exe
        6⤵
        
        PID:5904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
        6⤵
        
        PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37968.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        6⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        7⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        7⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25951.exe
        7⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
        7⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5798.exe
        7⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54468.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 244
        6⤵
        Program crash
        
        PID:5328
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 244
        5⤵
        Program crash
        
        PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37052.exe
        5⤵
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
        6⤵
        
        PID:4212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 228
        6⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17230.exe
        5⤵
        
        PID:4084
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 244
        5⤵
        Program crash
        
        PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55748.exe
      4⤵
      PID:448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 224
        5⤵
        Program crash
        
        PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36831.exe
      4⤵
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37607.exe
      4⤵
      PID:5128
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 248
      4⤵
      PID:6480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28444.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47073.exe
        5⤵
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54169.exe
        6⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
        7⤵
        
        PID:9120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 228
        6⤵
        Program crash
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
        5⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18454.exe
        6⤵
        
        PID:8736
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 244
        5⤵
        Program crash
        
        PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
      4⤵
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19747.exe
        5⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1288.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe
        6⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        6⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35539.exe
        5⤵
        
        PID:3676
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
        5⤵
        Program crash
        
        PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
      4⤵
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40073.exe
        5⤵
        
        PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
        5⤵
        
        PID:9028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
      4⤵
      PID:4248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
      4⤵
      PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51417.exe
      4⤵
      PID:6560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
      4⤵
      PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22384.exe
      4⤵
      PID:8620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11673.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2852
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 244
      4⤵
      Program crash
      PID:1488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24457.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11161.exe
      4⤵
      PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54717.exe
      4⤵
      PID:4764
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 224
      4⤵
      PID:6236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11538.exe
    3⤵
    PID:4028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50326.exe
    3⤵
    PID:4340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24509.exe
    3⤵
    PID:6196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50349.exe
    3⤵
    PID:7688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48262.exe
    3⤵
    PID:7416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47804.exe
    3⤵
    PID:8924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43082.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46415.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24568.exe
        6⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 244
        7⤵
        Program crash
        
        PID:2092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
        6⤵
        Program crash
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        5⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8540.exe
        6⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
        7⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
        6⤵
        
        PID:4848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 244
        6⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30510.exe
        5⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
        6⤵
        
        PID:8804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19574.exe
        5⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49911.exe
        5⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
        5⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20687.exe
        5⤵
        
        PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35158.exe
        5⤵
        
        PID:8732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2699.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37616.exe
        5⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52597.exe
        6⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45213.exe
        7⤵
        
        PID:9072
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 228
        6⤵
        Program crash
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26016.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        6⤵
        
        PID:9016
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 244
        5⤵
        Program crash
        
        PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63992.exe
      4⤵
      PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
        6⤵
        
        PID:8872
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 248
        5⤵
        Program crash
        
        PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45617.exe
      4⤵
      PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5696.exe
        5⤵
        
        PID:8464
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
      4⤵
      Program crash
      PID:4988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16548.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40795.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15065.exe
        5⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26913.exe
        6⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37738.exe
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26992.exe
        7⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
        7⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 228
        7⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38924.exe
        6⤵
        
        PID:3764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        6⤵
        Program crash
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
        5⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
        6⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62571.exe
        6⤵
        
        PID:3108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 224
        6⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32441.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        5⤵
        
        PID:4692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 244
        5⤵
        
        PID:6304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7250.exe
      4⤵
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
        5⤵
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
        6⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63004.exe
        6⤵
        
        PID:9000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 248
        5⤵
        Program crash
        
        PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
      4⤵
      PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29536.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        5⤵
        
        PID:8904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
      4⤵
      PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46050.exe
      4⤵
      PID:6020
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 248
      4⤵
      PID:7180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27996.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
      4⤵
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32379.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59662.exe
        6⤵
        
        PID:8704
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
        5⤵
        Program crash
        
        PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
        5⤵
        
        PID:8992
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 244
      4⤵
      Program crash
      PID:5040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
    3⤵
    PID:540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7458.exe
      4⤵
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
        5⤵
        
        PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34326.exe
        5⤵
        
        PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65333.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63962.exe
      4⤵
      PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33982.exe
      4⤵
      PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11080.exe
      4⤵
      PID:6464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46091.exe
      4⤵
      PID:8112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26849.exe
      4⤵
      PID:8484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
    3⤵
    PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3437.exe
      4⤵
      PID:7972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1146.exe
      4⤵
      PID:8676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
    3⤵
    PID:4324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31713.exe
    3⤵
    PID:5956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46951.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
    3⤵
    PID:8072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21249.exe
    3⤵
    PID:8504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58103.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63766.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
        6⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
        7⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
        7⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        7⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33310.exe
        6⤵
        
        PID:4636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 224
        6⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40137.exe
        5⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49733.exe
        6⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26942.exe
        6⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        6⤵
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
        5⤵
        
        PID:4740
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 248
        5⤵
        
        PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1654.exe
      4⤵
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23839.exe
        5⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24113.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
        6⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57213.exe
        6⤵
        
        PID:7144
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 248
        6⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54468.exe
        5⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
        5⤵
        
        PID:5288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
        5⤵
        
        PID:6360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26.exe
      4⤵
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
        5⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2291.exe
        5⤵
        
        PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40678.exe
        5⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11875.exe
        5⤵
        
        PID:9168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37728.exe
      4⤵
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45578.exe
      4⤵
      PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
      4⤵
      PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53740.exe
      4⤵
      PID:8152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4400.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35265.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
      4⤵
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43833.exe
        5⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50670.exe
        6⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-525.exe
        6⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43232.exe
        5⤵
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
        5⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34575.exe
        5⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20157.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        5⤵
        
        PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58356.exe
      4⤵
      PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65073.exe
        5⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20247.exe
        5⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5215.exe
        5⤵
        
        PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
        5⤵
        
        PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43385.exe
        5⤵
        
        PID:8508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20945.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54715.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25909.exe
      4⤵
      PID:7192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3622.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56689.exe
      4⤵
      PID:8772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
    3⤵
    PID:1968
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 224
      4⤵
      Program crash
      PID:3600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
    3⤵
    PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26988.exe
      4⤵
      PID:7436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44645.exe
      4⤵
      PID:8776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
    3⤵
    PID:4996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33375.exe
    3⤵
    PID:5872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
    3⤵
    PID:7272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
    3⤵
    PID:7736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29823.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2512
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
      4⤵
      Program crash
      PID:1068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61497.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61497.exe
    3⤵
    PID:2860
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 224
      4⤵
      Program crash
      PID:3592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
    3⤵
    PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13664.exe
      4⤵
      PID:8548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39115.exe
    3⤵
    PID:5016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7399.exe
    3⤵
    PID:5756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36784.exe
    3⤵
    PID:2012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32976.exe
    3⤵
    PID:8080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
    3⤵
    PID:9144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47142.exe
    3⤵
    PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
      4⤵
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
        5⤵
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24438.exe
        5⤵
        
        PID:8324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7210.exe
      4⤵
      PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
      4⤵
      PID:6040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
      4⤵
      PID:7256
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 244
      4⤵
      PID:7708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
    3⤵
    PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
      4⤵
      PID:7820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37586.exe
      4⤵
      PID:8256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
    3⤵
    PID:4684
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 248
    3⤵
    PID:6092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
  2⤵
  PID:1316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30546.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39215.exe
      4⤵
      PID:8796
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 216
    3⤵
    - Program crash
    PID:4512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10117.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10117.exe
  2⤵
  PID:3280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
  2⤵
  PID:4668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26814.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26814.exe
  2⤵
  PID:7632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
  2⤵
  PID:7388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
  2⤵
  PID:9052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-39115.exe

Filesize
468KB

MD5
4ed17d224ed061eebdbe75f5f6c7fc09

SHA1
7ca485f1112d5724bc1440bf0d2e7c8b37bf993b

SHA256
fe578f1d9d24fee83a7775c30c99fa4d5cb463b25f1ce8d5aca1c05aefaa3f7c

SHA512
3a1e43fed47df0a4723eb8b6b0e4f57e8d21b51a6de9e99c73b57cbaacb3514ffa840c335be6b1519c6e6da98565488bb38581eceabe8817f4d5c1d7bd6fb8bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe

Filesize
468KB

MD5
628325cf04a8119940e98698d40ada85

SHA1
2fb61034ed8577fa626fd1d88bc5c1d1990d8a56

SHA256
bbfbd59a7ccbde0cbf75980ad491c1f59241e811008d6c585882d8e6cbd48562

SHA512
61df17f364afeb3d91c13b5185cfc27609bd6a3b917144f4af34bd9230f3771a2f0965e52df2f07f193af4889890c7409a29a0e18fc8fbd7f9470c1bdbbabc48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe

Filesize
468KB

MD5
cca34fe55cd84a883b335f68e0718214

SHA1
7cba044a754bafea5d971b1fabc088cc45db9eae

SHA256
a3538f308cf4d54652bb52e8d45257bc2ec409dcc08bcb204c730017adfab92e

SHA512
c792a42f005bc7f71e24787fa06fe95fe1fc9c4fd2de2fef30095bb6fee31238d3d228f10e75c3fbc51887229fc72f364a33f41bc42c956e3de8255ff398819a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13346.exe

Filesize
468KB

MD5
7111fbec2cb1e57e2d1b2e970dfa568b

SHA1
321940225e7dfc6a90c20a235294588eb22665cd

SHA256
1772a08554f890550a1e2e28193561020e0dc32b8c243f7fd0ec1a8f9edfbe5c

SHA512
2deeb4dd9290e549165b4802894d30581dd06857ffb6ff5e4f67aff98150f3c2dd5e9ce4c071bfee5672cb70ab370947f1894f991a569e03afe6b86c5f96f202

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe

Filesize
468KB

MD5
cf482ab35a6a2147437150a1a5f063d7

SHA1
f91a632af7cbe2e79b743639bfc2c41c4f08a113

SHA256
a5be90e51d0edd9446dd148ba8456f2da3255ac6e1cbd6ad8a161775b3b52fc4

SHA512
423996d0911972545c0eaeb4bc726eba91124e3437d73b02ca75f7ce06087372c8b0552ee2d7403588da2aaa9cf82f9d99c0c024df3568c312c70a5580acbef3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19250.exe

Filesize
468KB

MD5
9e7d00454f0ee3be79e54d22fddd60bc

SHA1
a3c7f350a36c00248060ad817752aade76ed1245

SHA256
8372666c84e1ed914d5b58917edec97030a1d6be1aa44d3c9801c33f870f3e5d

SHA512
9d12f61dd9a5841a3b62e30fe24f04f3dc93a179ab682a8c0f009481289b36ad403d1e80faaf7db266ed76d5dbbb1a9f8b54d9c5f07b46b67b5bdf310a9ddcff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe

Filesize
468KB

MD5
7626e1c6e8c0ec2702f05a344fa302c3

SHA1
de881650782a6eca4b8114baafa570c3b246777e

SHA256
1f91c39d0a77296e0b9109e26dd38ca59f554291791c4eaf3a033f43d13b7d34

SHA512
a0691d59e59e9862ab04eb33756e3b3b7ccee3671233162f0981e9c54302ac0d0e7761fcf4d4e04d22f8b2549432b01023e4287937a95abfb8fe1d016cced28c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe

Filesize
468KB

MD5
5a993a247426c80cd5a3f13057daf072

SHA1
973231ef6faa09f55567d554c1af71e648d44688

SHA256
2e433ef904de70b1066452e555407f4cbd55bb714e27e307562cd57f991525e9

SHA512
ed12614518ae250fddb1f57433f609b14751895fab80361c88583532e1688b1e43c4d88b882b27a7a5794ad5f25a9a346c25f41b9e6018e5a6bbf167b90c6637

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe

Filesize
468KB

MD5
0031278d13a6ab776cbd7ca771f38e1f

SHA1
ffdf8345383dcff4ac3f8f04e06c3bd9acffbc7d

SHA256
067012afb5fe1c40475e80e13e931a539261c4e995fc496e6b805b29fbae098a

SHA512
c00bccc8389fe2513173fd2df5bb51d5c7aae18403136e6b3b52692c7e29808fb86d8e40aefa628300210287b0201a7f6cd988e5d5d63fbaf89bac7d8e81c83b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25846.exe

Filesize
468KB

MD5
8ad98e4cace56833908774acac5df78f

SHA1
e82d21ba8f382259afc5c7b71c3a9866310e5928

SHA256
002df9fbdf3ca4c94b6836107270f242578204339a9c8cf764ca94cec1ce0061

SHA512
48351afc6f97e8a0f38eb77f1eecc3716e5bae2ef5eac993f3537e6f86b79444cb331d3716248b233cc3f64add67b214a89f654d242cb25737dd4951a3bf42e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32408.exe

Filesize
468KB

MD5
e096f4dfbaf9a7c890ad95ed69b21f79

SHA1
53a5b2b485f9bb56bd18700d4097f4e27b7911ad

SHA256
959099cc8f2a15b7dce19f503f1511d7d026b76d741ee76e89de3dbb0b9ef4bb

SHA512
f1374eccc6372cfa5c22cedc146259cd63e94369452c954968f12388893e1767d876ce7a33a7504282014d15fc203952d322e597da3cacb34fa334fc6a180375

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37428.exe

Filesize
468KB

MD5
e4b98e2f21fe32dc5d532beb9679d0ac

SHA1
10929dcc3c62864bfb052f5308f7eaec85ced50e

SHA256
1b55a71f902e519acbedcd5980dc3fcb8825e68960500159256e934808a4a7e7

SHA512
12256bdedf97534d73483082d9df880f527ed065859bcffa00288596a3d22955dbf8685c09f12ef6afe4cf59afbc08270796f8fd78a64132f92713a312499167

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39400.exe

Filesize
468KB

MD5
a2da7cb99fe5ed0a462a1671b7f81682

SHA1
5116b548b14d44a7919ee3bd857f890243569e1c

SHA256
669fec531e893d52d436996a615edaefe8ce37224f36b78a369dcfb2be3af4bd

SHA512
8c38a2a21f64d0566cae650e36ad155f7eac8c7ed46db548501ac5c669e062a4ebb8109478bb96073c6c0322b9051b65fcad8fc9f984f30f80db56d357a24f46

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe

Filesize
468KB

MD5
1fc006f14abaaae0fd9a7584d007576f

SHA1
07552fe1cf4d974a5b15739815bfbe555361e402

SHA256
1944e99ec28247fc25cef9e2105930186e0e5f2eabd7772c4be6294b0027899c

SHA512
90a7683264dd5b623d3fbb637a7626a15970cb3f0de2751d7929fdeff01c28e93aba2495cb1a7d39efca47363da9cd1dec5786c4f52e447a1f603e81b33013e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47404.exe

Filesize
468KB

MD5
4bde8b8df36091d06c29b82557a1f990

SHA1
4b27e1563519f76507b0889c37669d55f40ff74b

SHA256
28cb79b64351b683ececaa0ee2cff1db5f708da8f4d3febf38842b8498ecbfa5

SHA512
058cb4333a5fd9ed57d05fcb79aa1b49fce19aae6451e108c39ba9b438dd7e9f0cd53f865119f00aae806349b74ab5067fa67df60988171b782775d01374f1a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47933.exe

Filesize
468KB

MD5
ef373e1b14cd82b026ab0356493073d6

SHA1
9626ca83aa4464104bd17a51fcc042b2f6c9ee81

SHA256
7e9c128ffbaf12f84e19063db11f5472369d1b584bc15314f74a549ba5a79c93

SHA512
24d100c5d98465e9e320c44a0c4672a13dee1a1ef6d764c701225d9280bf9b386f42fb0e09982f9a385d91bdb8fc913c154fdda460b3dce9e82f74c54665bf41

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6458.exe

Filesize
468KB

MD5
89783526ec8cebb8182e9a29b18b56b3

SHA1
fa626f8d2babc69d766fc2a84828a3df8a5a7775

SHA256
96e9218ce6bde3d4345eabd8b451226cc182a9b85d5bc2edb2a58a9e4b698703

SHA512
0ef06b4f13af9cfb415baa81a3aa2f166f9a07bd661789abc664061d2c97f8502d8ff71bb8a576508022a1310ea55f356363c9af373cece60a38c12b9af45b76

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65445.exe

Filesize
468KB

MD5
966698d1abe94a23714a77a6e4902551

SHA1
f2947900556ced15b49dbdddf00a472ceab0a71c

SHA256
2cca14562486fa4b1005f936d57b1e82bb784789e9e057bfa4e33a6dd7376025

SHA512
7367372f37deeb9769a2bbd8372a8105ed52768f3473ceb8ad1b7676920af862e90f2da0a72645edefe9721a3e60246bcc953cd3912705f1fd0b5d506f9b9c9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7940.exe

Filesize
468KB

MD5
9bdec2ae60a018999fd1d2aff327cbb3

SHA1
b420e4f28628795363550d9f60439a4fdf78fd1f

SHA256
399930f9c2ca0a5fb0f3c0eb7a016b50956e2c3618fd2a8c4eaa603f50d02208

SHA512
d9d68bd0cbf910f416a7f8f59784b6c15272afffa2d84b2b20c32dc922100d6afa985d37b66d6b3ee749e4d6132ae016a1107d56c6a83f558fe56fb253e6f958

Download Submit