83f9f58b264fe1378882bcf60f9f68f3275e96d7420f26044d64becaaac4f9e8

Analysis

max time kernel
85s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/09/2024, 10:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc5c6613806d779a06337b433db76b4117da5e5b8d3036bf58a3d33643460a3c.exe
Size

196KB
MD5

e0b746d1bd8de96d8ce40be3f75b2153
SHA1

f6965d1d438695ef2bba8946e6753b482223cde3
SHA256

fc5c6613806d779a06337b433db76b4117da5e5b8d3036bf58a3d33643460a3c
SHA512

bf345f704fbc72985ad007f223cd67add049059f1486789269cafa32bdc5780ae7148ca08984eb75531e1de157c535a95a3b1710236cb28035946f8d81b26f1a
SSDEEP

3072:6Ke0oqP38PAUkbn1Ld+iqH8x62vbr9KGTdNFx79WRq2lVvMp:6KJovYjbVdBqH8AE7r2lVvM

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2616	Unicorn-58173.exe
1712	Unicorn-34904.exe
2444	Unicorn-15038.exe
2656	Unicorn-127.exe
2816	Unicorn-20740.exe
2720	Unicorn-41714.exe
2580	Unicorn-293.exe
2572	Unicorn-58217.exe
1608	Unicorn-53578.exe
2760	Unicorn-29628.exe
1160	Unicorn-49494.exe
1724	Unicorn-48591.exe
1392	Unicorn-12389.exe
2036	Unicorn-29515.exe
1636	Unicorn-13178.exe
2356	Unicorn-34153.exe
2748	Unicorn-54019.exe
1936	Unicorn-49935.exe
1600	Unicorn-42321.exe
1800	Unicorn-24684.exe
2892	Unicorn-17070.exe
1028	Unicorn-32852.exe
1976	Unicorn-65524.exe
2992	Unicorn-45104.exe
2488	Unicorn-21154.exe
2272	Unicorn-8710.exe
1752	Unicorn-3879.exe
2332	Unicorn-45467.exe
1556	Unicorn-44912.exe
1588	Unicorn-44912.exe
1584	Unicorn-40828.exe
2056	Unicorn-33214.exe
2688	Unicorn-40309.exe
1628	Unicorn-15612.exe
2568	Unicorn-9068.exe
2692	Unicorn-41186.exe
2668	Unicorn-65368.exe
2532	Unicorn-24850.exe
2996	Unicorn-900.exe
1152	Unicorn-4237.exe
2608	Unicorn-27865.exe
2004	Unicorn-57522.exe
2736	Unicorn-33572.exe
2728	Unicorn-12405.exe
2620	Unicorn-41548.exe
524	Unicorn-32634.exe
576	Unicorn-28550.exe
2412	Unicorn-20936.exe
2628	Unicorn-20936.exe
1336	Unicorn-16298.exe
1872	Unicorn-4600.exe
2268	Unicorn-12213.exe
1812	Unicorn-44523.exe
840	Unicorn-15743.exe
1388	Unicorn-44886.exe
1992	Unicorn-48415.exe
1984	Unicorn-60667.exe
1292	Unicorn-16105.exe
2196	Unicorn-15550.exe
3024	Unicorn-15913.exe
324	Unicorn-19443.exe
2364	Unicorn-27611.exe
2800	Unicorn-3661.exe
2180	Unicorn-50122.exe

Loads dropped DLL 64 IoCs

pid	Process
944	fc5c6613806d779a06337b433db76b4117da5e5b8d3036bf58a3d33643460a3c.exe
944	fc5c6613806d779a06337b433db76b4117da5e5b8d3036bf58a3d33643460a3c.exe
944	fc5c6613806d779a06337b433db76b4117da5e5b8d3036bf58a3d33643460a3c.exe
2616	Unicorn-58173.exe
944	fc5c6613806d779a06337b433db76b4117da5e5b8d3036bf58a3d33643460a3c.exe
2616	Unicorn-58173.exe
2444	Unicorn-15038.exe
1712	Unicorn-34904.exe
1712	Unicorn-34904.exe
2444	Unicorn-15038.exe
2616	Unicorn-58173.exe
2616	Unicorn-58173.exe
2656	Unicorn-127.exe
2656	Unicorn-127.exe
1712	Unicorn-34904.exe
1712	Unicorn-34904.exe
2816	Unicorn-20740.exe
2816	Unicorn-20740.exe
2444	Unicorn-15038.exe
2720	Unicorn-41714.exe
2444	Unicorn-15038.exe
2720	Unicorn-41714.exe
2580	Unicorn-293.exe
2580	Unicorn-293.exe
2656	Unicorn-127.exe
2656	Unicorn-127.exe
2760	Unicorn-29628.exe
2760	Unicorn-29628.exe
1608	Unicorn-53578.exe
1608	Unicorn-53578.exe
2816	Unicorn-20740.exe
2816	Unicorn-20740.exe
2572	Unicorn-58217.exe
2572	Unicorn-58217.exe
1160	Unicorn-49494.exe
1160	Unicorn-49494.exe
2720	Unicorn-41714.exe
2720	Unicorn-41714.exe
1724	Unicorn-48591.exe
1724	Unicorn-48591.exe
2580	Unicorn-293.exe
2580	Unicorn-293.exe
1392	Unicorn-12389.exe
1392	Unicorn-12389.exe
1636	Unicorn-13178.exe
1636	Unicorn-13178.exe
2036	Unicorn-29515.exe
2036	Unicorn-29515.exe
1608	Unicorn-53578.exe
1608	Unicorn-53578.exe
2760	Unicorn-29628.exe
2760	Unicorn-29628.exe
2748	Unicorn-54019.exe
2748	Unicorn-54019.exe
2572	Unicorn-58217.exe
2572	Unicorn-58217.exe
2356	Unicorn-34153.exe
1600	Unicorn-42321.exe
2356	Unicorn-34153.exe
1600	Unicorn-42321.exe
1936	Unicorn-49935.exe
1936	Unicorn-49935.exe
1160	Unicorn-49494.exe
1160	Unicorn-49494.exe

Program crash 61 IoCs

pid	pid_target	Process	procid_target
2120	2332	WerFault.exe	58
1400	2892	WerFault.exe	51
1308	2996	WerFault.exe	69
2928	2668	WerFault.exe	67
804	1984	WerFault.exe	91
2676	2608	WerFault.exe	71
2428	2268	WerFault.exe	82
1496	1556	WerFault.exe	59
1504	2056	WerFault.exe	62
1724	2528	WerFault.exe	103
1800	2848	WerFault.exe	101
2508	2220	WerFault.exe	116
2192	1648	WerFault.exe	115
2372	1336	WerFault.exe	80
1552	1476	WerFault.exe	129
1684	2548	WerFault.exe	104
1956	2336	WerFault.exe	149
2884	2552	WerFault.exe	142
1608	1788	WerFault.exe	114
872	2376	WerFault.exe	146
3460	2348	WerFault.exe	162
3556	2804	WerFault.exe	125
3572	2836	WerFault.exe	126
840	1712	WerFault.exe	132
2772	2380	WerFault.exe	182
2364	2648	WerFault.exe	165
3688	828	WerFault.exe	189
1896	1080	WerFault.exe	203
3912	1672	WerFault.exe	208
2444	2316	WerFault.exe	195
3908	1600	WerFault.exe	211
3840	3700	WerFault.exe	231
2868	3788	WerFault.exe	234
2628	3516	WerFault.exe	224
3256	3128	WerFault.exe	252
2824	2584	WerFault.exe	287
2100	3776	WerFault.exe	271
3156	1920	WerFault.exe	317
1172	3308	WerFault.exe	301
4056	2076	WerFault.exe	263
3012	2672	WerFault.exe	292
2540	3624	WerFault.exe	323
3804	1928	WerFault.exe	341
3712	4820	WerFault.exe	442
5012	3740	WerFault.exe	339
4504	3144	WerFault.exe	355
2756	1432	WerFault.exe	333
4308	3816	WerFault.exe	413
3140	4908	WerFault.exe	470
3164	1892	WerFault.exe	350
2524	3820	WerFault.exe	491
1604	3160	WerFault.exe	412
1916	3640	WerFault.exe	459
3448	4968	WerFault.exe	433
3564	2016	WerFault.exe	334
1988	3152	WerFault.exe	498
2732	1688	WerFault.exe	360
4336	2568	WerFault.exe	487
4828	4664	WerFault.exe	468
3288	2104	WerFault.exe	330
4644	2156	WerFault.exe	457

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53661.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24716.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fc5c6613806d779a06337b433db76b4117da5e5b8d3036bf58a3d33643460a3c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54014.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47969.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46288.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14741.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
944	fc5c6613806d779a06337b433db76b4117da5e5b8d3036bf58a3d33643460a3c.exe
2616	Unicorn-58173.exe
2444	Unicorn-15038.exe
1712	Unicorn-34904.exe
2656	Unicorn-127.exe
2816	Unicorn-20740.exe
2720	Unicorn-41714.exe
2580	Unicorn-293.exe
2572	Unicorn-58217.exe
2760	Unicorn-29628.exe
1160	Unicorn-49494.exe
1608	Unicorn-53578.exe
1724	Unicorn-48591.exe
1392	Unicorn-12389.exe
2036	Unicorn-29515.exe
1636	Unicorn-13178.exe
2356	Unicorn-34153.exe
1600	Unicorn-42321.exe
2748	Unicorn-54019.exe
1936	Unicorn-49935.exe
1800	Unicorn-24684.exe
2892	Unicorn-17070.exe
1028	Unicorn-32852.exe
1976	Unicorn-65524.exe
2992	Unicorn-45104.exe
2488	Unicorn-21154.exe
2272	Unicorn-8710.exe
1752	Unicorn-3879.exe
1588	Unicorn-44912.exe
1556	Unicorn-44912.exe
2332	Unicorn-45467.exe
1584	Unicorn-40828.exe
2056	Unicorn-33214.exe
2688	Unicorn-40309.exe
1628	Unicorn-15612.exe
2668	Unicorn-65368.exe
2568	Unicorn-9068.exe
2692	Unicorn-41186.exe
2532	Unicorn-24850.exe
2996	Unicorn-900.exe
1152	Unicorn-4237.exe
2608	Unicorn-27865.exe
2004	Unicorn-57522.exe
2736	Unicorn-33572.exe
2728	Unicorn-12405.exe
2620	Unicorn-41548.exe
576	Unicorn-28550.exe
524	Unicorn-32634.exe
2412	Unicorn-20936.exe
2628	Unicorn-20936.exe
1336	Unicorn-16298.exe
1872	Unicorn-4600.exe
2268	Unicorn-12213.exe
1812	Unicorn-44523.exe
840	Unicorn-15743.exe
1388	Unicorn-44886.exe
1992	Unicorn-48415.exe
1984	Unicorn-60667.exe
1292	Unicorn-16105.exe
2196	Unicorn-15550.exe
3024	Unicorn-15913.exe
324	Unicorn-19443.exe
2180	Unicorn-50122.exe
2364	Unicorn-27611.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 2616	944	fc5c6613806d779a06337b433db76b4117da5e5b8d3036bf58a3d33643460a3c.exe	31
PID 944 wrote to memory of 2616	944	fc5c6613806d779a06337b433db76b4117da5e5b8d3036bf58a3d33643460a3c.exe	31
PID 944 wrote to memory of 2616	944	fc5c6613806d779a06337b433db76b4117da5e5b8d3036bf58a3d33643460a3c.exe	31
PID 944 wrote to memory of 2616	944	fc5c6613806d779a06337b433db76b4117da5e5b8d3036bf58a3d33643460a3c.exe	31
PID 2616 wrote to memory of 1712	2616	Unicorn-58173.exe	32
PID 2616 wrote to memory of 1712	2616	Unicorn-58173.exe	32
PID 2616 wrote to memory of 1712	2616	Unicorn-58173.exe	32
PID 2616 wrote to memory of 1712	2616	Unicorn-58173.exe	32
PID 944 wrote to memory of 2444	944	fc5c6613806d779a06337b433db76b4117da5e5b8d3036bf58a3d33643460a3c.exe	33
PID 944 wrote to memory of 2444	944	fc5c6613806d779a06337b433db76b4117da5e5b8d3036bf58a3d33643460a3c.exe	33
PID 944 wrote to memory of 2444	944	fc5c6613806d779a06337b433db76b4117da5e5b8d3036bf58a3d33643460a3c.exe	33
PID 944 wrote to memory of 2444	944	fc5c6613806d779a06337b433db76b4117da5e5b8d3036bf58a3d33643460a3c.exe	33
PID 1712 wrote to memory of 2656	1712	Unicorn-34904.exe	35
PID 1712 wrote to memory of 2656	1712	Unicorn-34904.exe	35
PID 1712 wrote to memory of 2656	1712	Unicorn-34904.exe	35
PID 1712 wrote to memory of 2656	1712	Unicorn-34904.exe	35
PID 2444 wrote to memory of 2816	2444	Unicorn-15038.exe	34
PID 2444 wrote to memory of 2816	2444	Unicorn-15038.exe	34
PID 2444 wrote to memory of 2816	2444	Unicorn-15038.exe	34
PID 2444 wrote to memory of 2816	2444	Unicorn-15038.exe	34
PID 2616 wrote to memory of 2720	2616	Unicorn-58173.exe	36
PID 2616 wrote to memory of 2720	2616	Unicorn-58173.exe	36
PID 2616 wrote to memory of 2720	2616	Unicorn-58173.exe	36
PID 2616 wrote to memory of 2720	2616	Unicorn-58173.exe	36
PID 2656 wrote to memory of 2580	2656	Unicorn-127.exe	37
PID 2656 wrote to memory of 2580	2656	Unicorn-127.exe	37
PID 2656 wrote to memory of 2580	2656	Unicorn-127.exe	37
PID 2656 wrote to memory of 2580	2656	Unicorn-127.exe	37
PID 1712 wrote to memory of 2572	1712	Unicorn-34904.exe	38
PID 1712 wrote to memory of 2572	1712	Unicorn-34904.exe	38
PID 1712 wrote to memory of 2572	1712	Unicorn-34904.exe	38
PID 1712 wrote to memory of 2572	1712	Unicorn-34904.exe	38
PID 2816 wrote to memory of 1608	2816	Unicorn-20740.exe	39
PID 2816 wrote to memory of 1608	2816	Unicorn-20740.exe	39
PID 2816 wrote to memory of 1608	2816	Unicorn-20740.exe	39
PID 2816 wrote to memory of 1608	2816	Unicorn-20740.exe	39
PID 2444 wrote to memory of 2760	2444	Unicorn-15038.exe	40
PID 2444 wrote to memory of 2760	2444	Unicorn-15038.exe	40
PID 2444 wrote to memory of 2760	2444	Unicorn-15038.exe	40
PID 2444 wrote to memory of 2760	2444	Unicorn-15038.exe	40
PID 2720 wrote to memory of 1160	2720	Unicorn-41714.exe	41
PID 2720 wrote to memory of 1160	2720	Unicorn-41714.exe	41
PID 2720 wrote to memory of 1160	2720	Unicorn-41714.exe	41
PID 2720 wrote to memory of 1160	2720	Unicorn-41714.exe	41
PID 2580 wrote to memory of 1724	2580	Unicorn-293.exe	42
PID 2580 wrote to memory of 1724	2580	Unicorn-293.exe	42
PID 2580 wrote to memory of 1724	2580	Unicorn-293.exe	42
PID 2580 wrote to memory of 1724	2580	Unicorn-293.exe	42
PID 2656 wrote to memory of 1392	2656	Unicorn-127.exe	43
PID 2656 wrote to memory of 1392	2656	Unicorn-127.exe	43
PID 2656 wrote to memory of 1392	2656	Unicorn-127.exe	43
PID 2656 wrote to memory of 1392	2656	Unicorn-127.exe	43
PID 2760 wrote to memory of 2036	2760	Unicorn-29628.exe	44
PID 2760 wrote to memory of 2036	2760	Unicorn-29628.exe	44
PID 2760 wrote to memory of 2036	2760	Unicorn-29628.exe	44
PID 2760 wrote to memory of 2036	2760	Unicorn-29628.exe	44
PID 1608 wrote to memory of 1636	1608	Unicorn-53578.exe	45
PID 1608 wrote to memory of 1636	1608	Unicorn-53578.exe	45
PID 1608 wrote to memory of 1636	1608	Unicorn-53578.exe	45
PID 1608 wrote to memory of 1636	1608	Unicorn-53578.exe	45
PID 2816 wrote to memory of 2356	2816	Unicorn-20740.exe	46
PID 2816 wrote to memory of 2356	2816	Unicorn-20740.exe	46
PID 2816 wrote to memory of 2356	2816	Unicorn-20740.exe	46
PID 2816 wrote to memory of 2356	2816	Unicorn-20740.exe	46

C:\Users\Admin\AppData\Local\Temp\fc5c6613806d779a06337b433db76b4117da5e5b8d3036bf58a3d33643460a3c.exe
"C:\Users\Admin\AppData\Local\Temp\fc5c6613806d779a06337b433db76b4117da5e5b8d3036bf58a3d33643460a3c.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58173.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58173.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34904.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34904.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-293.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48591.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15612.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14839.exe
        10⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15005.exe
        11⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7242.exe
        12⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        13⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53304.exe
        14⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
        15⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        14⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
        15⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28409.exe
        11⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
        12⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28421.exe
        13⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55203.exe
        14⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39421.exe
        13⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        14⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22659.exe
        10⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
        11⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        12⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22531.exe
        14⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64118.exe
        13⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        14⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        9⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
        10⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        11⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
        12⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        13⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 224
        14⤵
        Program crash
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31917.exe
        10⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11129.exe
        11⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
        12⤵
        Program crash
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51596.exe
        9⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
        10⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 224
        11⤵
        Program crash
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        10⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
        11⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
        12⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        13⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 240
        14⤵
        Program crash
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        9⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61788.exe
        10⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
        11⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39827.exe
        12⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 224
        13⤵
        Program crash
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 188
        9⤵
        Program crash
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17070.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43812.exe
        9⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        11⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 224
        12⤵
        Program crash
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43401.exe
        10⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34866.exe
        11⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
        12⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33076.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        14⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 244
        15⤵
        Program crash
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34040.exe
        14⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
        9⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
        10⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6277.exe
        11⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25100.exe
        12⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65229.exe
        13⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52759.exe
        14⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29.exe
        13⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        14⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41279.exe
        12⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 148
        13⤵
        Program crash
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3334.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
        9⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1814.exe
        10⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        11⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14668.exe
        13⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30118.exe
        14⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
        12⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46651.exe
        13⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22841.exe
        11⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17876.exe
        12⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 244
        13⤵
        Program crash
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35233.exe
        9⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44238.exe
        11⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        12⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        13⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 248
        7⤵
        Program crash
        
        PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12389.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48415.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
        9⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24326.exe
        10⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40491.exe
        11⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
        12⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
        13⤵
        
        PID:3144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 244
        14⤵
        Program crash
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65348.exe
        12⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
        13⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        10⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 240
        11⤵
        Program crash
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53661.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13931.exe
        10⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 224
        11⤵
        Program crash
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43791.exe
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56998.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
        10⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
        11⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39578.exe
        12⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18063.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63734.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52785.exe
        13⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16408.exe
        14⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
        9⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
        10⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        11⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
        12⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17342.exe
        13⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        11⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16105.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39152.exe
        8⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61082.exe
        9⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53127.exe
        10⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44762.exe
        11⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        12⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4326.exe
        13⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 228
        9⤵
        Program crash
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        8⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36407.exe
        9⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 220
        10⤵
        Program crash
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 224
        7⤵
        Program crash
        
        PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58217.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54019.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3879.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12405.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        9⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28047.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41830.exe
        12⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53496.exe
        14⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 244
        13⤵
        Program crash
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61466.exe
        10⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15021.exe
        11⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39412.exe
        12⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59287.exe
        13⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53469.exe
        9⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61980.exe
        10⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
        11⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 224
        12⤵
        Program crash
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4979.exe
        8⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28026.exe
        9⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61295.exe
        10⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
        11⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        12⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10086.exe
        13⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53906.exe
        14⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43510.exe
        11⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25131.exe
        12⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        9⤵
        
        PID:3516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 240
        10⤵
        Program crash
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
        8⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11497.exe
        9⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24840.exe
        10⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
        11⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3148.exe
        12⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9894.exe
        13⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11233.exe
        14⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44778.exe
        15⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
        12⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37383.exe
        13⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
        9⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48654.exe
        10⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 220
        12⤵
        Program crash
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52411.exe
        10⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13397.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65337.exe
        8⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 244
        9⤵
        Program crash
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19443.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65000.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        9⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32323.exe
        10⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20066.exe
        11⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
        12⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21073.exe
        13⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
        11⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58907.exe
        12⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4289.exe
        9⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
        10⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
        11⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17103.exe
        12⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38670.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
        14⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
        13⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 248
        11⤵
        Program crash
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12436.exe
        8⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11902.exe
        9⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1866.exe
        10⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45504.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
        12⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34908.exe
        13⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14928.exe
        14⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40179.exe
        13⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        11⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        12⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55763.exe
        10⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
        11⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62977.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 220
        8⤵
        Program crash
        
        PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 244
        6⤵
        Program crash
        
        PID:2120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41714.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41714.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49494.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49935.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40828.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32634.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        8⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58669.exe
        9⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        10⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
        11⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        12⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51617.exe
        13⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 224
        14⤵
        Program crash
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        12⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33299.exe
        13⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 240
        14⤵
        Program crash
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
        13⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 244
        12⤵
        Program crash
        
        PID:3156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 216
        9⤵
        Program crash
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
        8⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        9⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        10⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
        11⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38307.exe
        12⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29509.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 244
        8⤵
        Program crash
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20936.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41207.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        8⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 224
        10⤵
        Program crash
        
        PID:3688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
        8⤵
        Program crash
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        7⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
        8⤵
        Program crash
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16298.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        7⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        8⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
        9⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26890.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7232.exe
        11⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
        12⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15509.exe
        13⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
        14⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
        13⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56905.exe
        12⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6645.exe
        8⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 224
        9⤵
        Program crash
        
        PID:3912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 248
        7⤵
        Program crash
        
        PID:2372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
        6⤵
        Program crash
        
        PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-174.exe
        7⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5384.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
        9⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
        10⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39905.exe
        11⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        12⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 248
        11⤵
        Program crash
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
        8⤵
        
        PID:1080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 224
        9⤵
        Program crash
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        7⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 244
        8⤵
        Program crash
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 220
        7⤵
        Program crash
        
        PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20936.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41207.exe
        6⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        7⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 224
        8⤵
        Program crash
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34548.exe
        7⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17845.exe
        8⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
        9⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21742.exe
        7⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38457.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19869.exe
        9⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47393.exe
        9⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
        9⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37438.exe
        9⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63877.exe
        9⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45120.exe
        8⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27316.exe
        9⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4897.exe
        10⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
        10⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
        10⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7005.exe
        10⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 228
        9⤵
        Program crash
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44792.exe
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32168.exe
        9⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60738.exe
        9⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44853.exe
        9⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
        9⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37523.exe
        8⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27656.exe
        8⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49014.exe
        8⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
        8⤵
        
        PID:6584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65524.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24850.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51404.exe
        9⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        12⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48841.exe
        13⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
        14⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe
        13⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31846.exe
        14⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
        15⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
        10⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28234.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1913.exe
        12⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 244
        13⤵
        Program crash
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        9⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 220
        10⤵
        Program crash
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39706.exe
        8⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32515.exe
        10⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12774.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36589.exe
        12⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24716.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:4940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
        9⤵
        Program crash
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15913.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        9⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        10⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61098.exe
        11⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        12⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14544.exe
        13⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        12⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7642.exe
        13⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21985.exe
        12⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12265.exe
        9⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        10⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15592.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47995.exe
        12⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
        9⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        10⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
        11⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        12⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
        10⤵
        
        PID:1432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 224
        11⤵
        Program crash
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-900.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 224
        7⤵
        Program crash
        
        PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21154.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4237.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20787.exe
        7⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46417.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        9⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 224
        10⤵
        Program crash
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10044.exe
        8⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58493.exe
        9⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 224
        10⤵
        Program crash
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        7⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2006.exe
        8⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
        10⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
        11⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25650.exe
        13⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 244
        14⤵
        Program crash
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1700.exe
        12⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11539.exe
        11⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
        13⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
        12⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39613.exe
        10⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53527.exe
        11⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
        12⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
        11⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        6⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
        7⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50522.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
        10⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
        11⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62105.exe
        12⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        11⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46314.exe
        12⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
        9⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 224
        10⤵
        Program crash
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
        7⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        9⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
        10⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43906.exe
        11⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
        12⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11596.exe
        10⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17176.exe
        11⤵
        
        PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 224
        7⤵
        Program crash
        
        PID:2428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
        6⤵
        Program crash
        
        PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8342.exe
        6⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        7⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17466.exe
        8⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        9⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56682.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
        11⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36790.exe
        10⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16989.exe
        11⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
        7⤵
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
        6⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50709.exe
        8⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
        9⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5561.exe
        10⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        10⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47414.exe
        11⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51685.exe
        12⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4336.exe
        9⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23107.exe
        10⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        11⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55769.exe
        12⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50709.exe
        10⤵
        
        PID:4436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29515.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45104.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57522.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        7⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 220
        8⤵
        Program crash
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        7⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50522.exe
        8⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35826.exe
        9⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
        10⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40128.exe
        11⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14741.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47969.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28430.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35738.exe
        11⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61908.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        11⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29701.exe
        6⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 220
        7⤵
        Program crash
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33572.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53651.exe
        6⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53241.exe
        7⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33418.exe
        8⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45260.exe
        9⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8197.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29936.exe
        11⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8379.exe
        12⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 240
        13⤵
        Program crash
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
        10⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 224
        11⤵
        Program crash
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9058.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5815.exe
        9⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51446.exe
        10⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52572.exe
        11⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20262.exe
        10⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36624.exe
        9⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        10⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        7⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23055.exe
        9⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        10⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12878.exe
        11⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36759.exe
        9⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41543.exe
        6⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        7⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28924.exe
        8⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36018.exe
        9⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36973.exe
        10⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26615.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60034.exe
        10⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22526.exe
        11⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40656.exe
        8⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe
        9⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
        10⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46282.exe
        7⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27466.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48265.exe
        9⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7284.exe
        10⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        11⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2660.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 244
        11⤵
        Program crash
        
        PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8710.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27865.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
        6⤵
        Program crash
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
        5⤵
        Executes dropped EXE
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20569.exe
        6⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
        7⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-335.exe
        8⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3729.exe
        9⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
        11⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 244
        12⤵
        Program crash
        
        PID:4336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 248
        7⤵
        Program crash
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
        6⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60719.exe
        7⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11897.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14668.exe

Filesize
196KB

MD5
07c91c9e419d34ebcd55ac625e1f244a

SHA1
4d6ccdb1dab9d8c1681b5d1f2bb827173c89c7d5

SHA256
4cdb62ead43299a3d03522a409b3563195fb1265939880b23b38c901640e6142

SHA512
bea1d608e90868a98bfe057d5f79a7a285ca1e3824e451ac14290da42beca3c8ad17ec86f9a351d55c233e3a99ccaf4a74cf80585f0185e9267e0f6d91ca961e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe

Filesize
196KB

MD5
5c7d090cc222ecbeaf9cea7b0aa1183f

SHA1
986f47b5fe75fed01e7b85845e8f6346607d494b

SHA256
933c6fe419c95207f960e6935bdd81a3a3dedadc49f5dae5286b70d07b391c1c

SHA512
2f6c29e42a54ac8e67d505495dbf74c98a2c768a11b8efad09a5bb070355a6049d992a334946b67e154c6fdfc36944fba551fecac0ad4554b90c168e1a367e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-293.exe

Filesize
196KB

MD5
54c1bc2d5b8b24992092f73698296245

SHA1
adb669058ae1c109902801fc77319b52787ed27a

SHA256
bb0111856421446e1ff3b2373d57a980221a8917da1b17069cf764899bd5253e

SHA512
796e94aa1c0029e4184d501b6801b95ef7be45228f1076a7093a1dea5135f8a0524b902e006ec71eab2fa6549bdc5ae9c15651ac762e2a96d6b763bd2e9c61d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34904.exe

Filesize
196KB

MD5
749df2b5322f75b32ca34fdbc3368ae4

SHA1
98d083c22659e6c30006a51258ba9f0ddce71e0c

SHA256
9062a4c148d5a9d96d04503a57b72f10ce67087b89d1096babb392c8153bdce1

SHA512
81ad730432eb4fd0f9a37014c1edb552f7224767dd60fcce0ce0d2f41d6baa63d051f31d7bee5df20a2452096c9d80bbe17ef68788d5a486163bb985cd920201

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39706.exe

Filesize
196KB

MD5
f4cd18d522c4f0bbc61337ee97fb47b0

SHA1
6109128820a2874b60c3d10714d76edbe44aabee

SHA256
b9d8fe50448aed1698e357d7cc982369e366c2323ad2ddce6886644a8c3ce062

SHA512
6889573165bc9b43675c5719cac91b134de18d1771467843e7d05ab65a220e0e07d1c0d6f2db7f4c5d492bebf7141f18104961f0a24dde1b2dea474cbcb193e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40179.exe

Filesize
196KB

MD5
a5de06d66363502e0d73e2c8dadaf4ce

SHA1
f5e0a57ceb48095fc338129ade7374922038e933

SHA256
4f564abf70111c958f8bba070e11180a640686a798715f27baf148098d291268

SHA512
b1883d27af65ed16c241c1964aa593de27cfa3f507bd468b9dd6d7558bf33a3475eea86f5202930b0143c14e01e24573f32939979a56e714cc5b4c0f88ed9c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41714.exe

Filesize
196KB

MD5
bb843320fc0711b7b522947906e0e752

SHA1
dbb11f749a01f9e2465150afc0042808c3966f0b

SHA256
dd562f0e9146d2194bb2fd17d36e3fa8b5b702c1e255b3ea5402502419c106d5

SHA512
cf3d6b71c34acc203196da3df0f112677b001c1c5b47a1f1919be2076821b7718f58efe939d605a47740a045f3702f865aed779f2d3d9dfe7931872b7356e73e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51446.exe

Filesize
196KB

MD5
229a6bf2e1a72f7349a771154918040d

SHA1
2bd53197f3473aa84689a2b55b5d7f99f5171427

SHA256
99a18c4f1b0838139e2c897340411f5cc0b3af41db17f6236f62ef16687b55de

SHA512
cb7b2c9fa672a7f3886f003af15cf3c3eb68779d7a6d0d4905ac1a9addcc3df67f04d0bdc24f0fa7ac79b2d0737cd98ab4492000d80711bdb888692f35018d5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe

Filesize
196KB

MD5
727dce5f25c2096220d90ccaec83e9b8

SHA1
65ab386733280043753bed21a5c58148f14918be

SHA256
ad19110b528d6bc051ac6965ff0645864cae41c0c7c8a64afe0a63db12352190

SHA512
06399532ab9f80ba30dda66fdb405e45eee568b0b88d970dbc5a4190eb64fe309cac495af5dc4370a4709b54afc5cdf2c264ec55573e92b6275dcb922522ecb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe

Filesize
196KB

MD5
786823293c4b291161808b3157e329b3

SHA1
60fc659fc274fd641ddc474446d72768c1cb8d13

SHA256
b734a693e8da92b67fcfc042cfda38d342cecfdc022c4fd4db1bb6ee039b9292

SHA512
2005d81c8e0b9ec184c71747f51a6bc7f8a6d46949d93806270ebb61db93422bb5b9ff3e90cadccb3774270259945db3705bfa7b06f4e1ed46a541ab16894d6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5561.exe

Filesize
196KB

MD5
5f348ada28a6e8409fe645d2e09122f3

SHA1
a9a83e927026bb07d386a3666916ce58eebc2248

SHA256
159237b785e66c24416a50e6ce46ec03f52335c2516b5810991c96a30cdbe036

SHA512
392d2f8c84334b00065316db0d6942a700b41ba49a44552f1b6884165f55de93fba9daacac649e41ca9abba49e0b97deeccba159af18936e027b3c2aa190c05e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58493.exe

Filesize
196KB

MD5
2e27f586d813f58bb1b2b12d3e71f209

SHA1
b73fb1774907f35319f7dcca0f690cec1d838f94

SHA256
731d675a8cb43feab6720e5521cd9969d534fd63455a7191b9766179c39885d1

SHA512
3b73fe93a65cd31f99f975c02895516f243fdee850fe518b837360f2e1e8b4ceaaaf0e462b42763847e0708fd34fe15ea622254bae83c74a29c700a2e6fb853b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe

Filesize
196KB

MD5
cd4d1f8540958d1615a5b68a9d7c6556

SHA1
76badf8d447669720b7220c32af7e37b58aeae74

SHA256
7481dacb0dbe42dc58354166024e38535474d2531ceba01ba59e9c3621e3f44e

SHA512
eee1a49aec6805a4c851129dacaf14e2b0774ac1e2f07c8c14224093327e2e5e0c29e021d5f799b758d2402a3bf7558eaa71997afe68d0ea27b73e55f5d39b33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe

Filesize
196KB

MD5
ef1f5ffbae1b139d25be9c4c3da495f2

SHA1
a72c2f6fbfad178d7d31608d64741aed058b42c6

SHA256
0f41d4e2418232ece31e5528dfce1f26a7bb653a16a62e1f5fe437ce1694ba5d

SHA512
3921495d1d98dc6f4dfb7ff2dd15856864d009b4e6e8a989215e628c3465ae7ca23e7ca515e715f36ee42d004c32cf3ed2bd908b7aaf5cc35fa70e1d8aa6e7c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe

Filesize
196KB

MD5
1a2f35198d85d6d6533d399b3ebd80fc

SHA1
e5e32a2afd7702ab14761bd5dad0f1b1a90f9a0f

SHA256
8041d322ff92078027cd4a6fe461fa7abafb6f75b79755ce6d3a07f991d89669

SHA512
cbb50417119261551c0614a58d265c32f70973764f45ccc8b956102d5c3610c6e975b41a94d7170a2be15a39003d5825beb4cd551d18a14f7a2bb0c984af3680

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12389.exe

Filesize
196KB

MD5
4368c6a66ce6f1fc5d3224eda12621cb

SHA1
390d442fc3877afd25175dce717554fb7d3eaac0

SHA256
37d4d6d6976ae1f17708a760cf00f6874ea364de2c1775e3fd9de6882baf4446

SHA512
f44f2f961732cf1c73701b9afc466a72c838ba0ecddee437c00e8006731c048982f439f2a0adca021f921810ff198aef43a3564466749da5dff4f806a6d9c9fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-127.exe

Filesize
196KB

MD5
84fce8e0f7c8dd44106ce122bbfc822c

SHA1
f2b84735b899e8ca79654fb91d9829191309466f

SHA256
442e250b7ea6c65cbd259cfdd042dfee3a475a7d56b77bdd212bf4627a0be5a6

SHA512
c81d2d1de3c04cb0c00351fb10369ad065b036850a47f669c601ea63ff8f80be178526a483c4dac080c6538e8ca86fccf27737a95001ae3b4c938088f5515283

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe

Filesize
196KB

MD5
b682481132d76c10d6becea2d1695bed

SHA1
8bc0029cfac014b46be01afb8371abea712ba68b

SHA256
de0746cfbc4f7f7bf87987027e4dce12c32259fc036d2725737a538b938c961d

SHA512
aa4ff739015fe8439681d761587c5b47ad5723e142366f536684b8a1b7f582a1a0f619f220c18ac93effeba99070767e15eff6186dac110f3b0ba69d49c8d410

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe

Filesize
196KB

MD5
9eecca43a4ea6eb9341d4cfae1dd0699

SHA1
ac05cf7763d1b94752341c2741b671089f525399

SHA256
4d93a5abc2c7273c630d9c4030e600a1be4a6b193db95804312d6a529012c85d

SHA512
f68043806e5004c9e968a8e19d33d3b4e63b0f2e16f1b3cfbd7b3b12f9d9b4103068de1fa7453f99bb18dba2f832adc266a2b1f3ef219b61c0f1dbf9edaf6c54

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29515.exe

Filesize
196KB

MD5
dc3ad076e2a297e821a09338899e58f3

SHA1
016e905d840217be636bb7ba231fe20a3764fe74

SHA256
962a7247eb58d1e144ffda76beec7042c4157c55487fbd6a9d8c0804b95db372

SHA512
2823f706ef74a3b2b66336a4624c39a8fc33570f48319838ace993bdc0047b502e316b5489058e7e36c62165a03819a91ed0d1b0f9c4a4670b0ab0236b2de001

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe

Filesize
196KB

MD5
dd1ef953432896721bc528ff343535b1

SHA1
00c0d6c5ab2945471ebe5369f67dffeef10ffa8d

SHA256
f0bac5448022bcc4a710beeecf1b196aa5171c0b0ce020148173506ba33fd4ba

SHA512
4c39ca2db59d2997d14e6db965ff4a31f53232bc5b95424cb4f8cf528f339045adf465940a937c40df9144eba6fc4c6006b9e6e138d93175048450b96b3d908d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe

Filesize
196KB

MD5
6b630a5645f4b743dca64171742a8fac

SHA1
3d58e640f38201d21a819c8f5c73a2e2202743b2

SHA256
d4d47d6dee21d1d23e2a8b9756147ea4073f1ddaba70376712d5c8e833762e10

SHA512
98e6f7cfed35f4c1d99c9c3b7e14753a9b66096fa47cc8aec10f3382b8ac6af4f8bc878f6e8344eb6da6ba9a46e5a9233d3f803382ea9bd4d475645d38b5f940

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48591.exe

Filesize
196KB

MD5
e09c03fb36460a6f129680e14fd9eac5

SHA1
3b3af4e3bc6935874a0cf731036f2f38421947a3

SHA256
849f7cce8d5850d8135340037c96a3e79ab77e282ad47af95e3e303623922833

SHA512
079b7ef8cada6edd4765fad043f08e22d56f12ccd0190d5d0cb9d58eea9d1cf63fcfac05619218bc909a2c72f14548a0cfdf6418503ece7be1bb42806f193570

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49494.exe

Filesize
196KB

MD5
f2370bb335b819648203e137bd1cad7b

SHA1
0e499b534957c371756ef10eca990186c6e000e7

SHA256
6cf3ea293e965746a064002735c5ac1ae669a7fba4fbc2076a5789badc3576cb

SHA512
e44e9af4a3b94929d209fedff4ad1effe6304fa6ab47bab4b965de367d7f501ec2f11e894b36aed4538c637513f5165f52107204154c21892017c8024e868c96

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49935.exe

Filesize
196KB

MD5
4e5aec52bbcc1850c697686395ac3d0c

SHA1
61eeab8a0e87a79dec7f6dd2a0128f1b92e68483

SHA256
7804265529b069344f2db82172c541f0519714feafb9dc2fbda7cbfdb51b78b8

SHA512
20fdbad8ab4c8778557221ac6739c80eca0ba3bf47bd5ed90832f9e485f6dc29358b093812044af7a09e50e0945dd238385973ded2ec50288ba79190c9bf9672

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54019.exe

Filesize
196KB

MD5
0fb47212450cf03b15feeb1653b429ab

SHA1
9ef34674188753126495c4f02d5661578379eefc

SHA256
70b423f10b2a5e737a45926435c260e8993acd455266d57b7f53809c9bb781eb

SHA512
f97c8d4ae2f249d91794a28a4bbb777dba38adb1662f02a069f6e45b80c08dcf5ebcdc63be778f955bd363cdabcef7a6c5420457e5b38f61f366a2d482d183b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58173.exe

Filesize
196KB

MD5
d87d18c5ef8976d58e8256ae60107421

SHA1
3bcff6ce688521b716b6c782fb60e8ab89f16af2

SHA256
b15b5b400d8705af15f667c70be9f96c358e0d1a47ea388fdc537a01fc7187be

SHA512
cece2c456a1ae2af6c4832228a0397de2bbd37c7b34668c0f00bb1f549635b86002700e2d2af41bf780073462b548c7337de968ea8990be03334437b57519786

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58217.exe

Filesize
196KB

MD5
f3130fce865bda951229f221fe8e75d4

SHA1
f1d62fd72e5ae614b88a534323f2e9f367525f7e

SHA256
07b49324e4565ff15aedf7b724fd418c8b4ed577a3185f135809f3ab9c30a343

SHA512
fe4078cfb418bedd798c697f26d1e79a943282256a49adb7a761ee0b59c0a2032f93603d31a1e5421dbfc8595a7a7f21f3f8ee9f0fa10a16e8a0fa9893c4c9fd

Download Submit
memory/2320-1746-0x0000000076E00000-0x0000000076EFA000-memory.dmp

Filesize
1000KB

Download
memory/2320-1745-0x0000000076F00000-0x000000007701F000-memory.dmp

Filesize
1.1MB

Download
memory/2320-1747-0x0000000002500000-0x000000000265C000-memory.dmp

Filesize
1.4MB

Download
memory/2320-1748-0x0000000002500000-0x0000000002610000-memory.dmp

Filesize
1.1MB

Download
memory/2320-1749-0x0000000000480000-0x00000000004AE000-memory.dmp

Filesize
184KB

Download