1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
03-09-2024 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe
Size

468KB
MD5

2ee27071c98fa4e66f584e09e613671d
SHA1

6ff9618effab38afac4f98e87b3dab31281b7d9b
SHA256

1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef
SHA512

c01d619e6c6c54373f2e11021dcaf3192477439a8ce069c337b8b1d0b3b084b219c55c931590d3ad7abae1f4847798bc995b5898757446c4a08020c5a11eb8a1
SSDEEP

3072:1G3HogISIE5TtbY2HzcOcf8/zChaP0p2JVHeTVPaQ65LR7ggEslL:1G3obMTtxH4OcfuYHcQ6VVggE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2532	Unicorn-18813.exe
2876	Unicorn-59892.exe
3060	Unicorn-21552.exe
3020	Unicorn-1537.exe
2784	Unicorn-3575.exe
2644	Unicorn-9705.exe
2752	Unicorn-55377.exe
2436	Unicorn-20095.exe
3068	Unicorn-7027.exe
1520	Unicorn-250.exe
1296	Unicorn-63741.exe
1104	Unicorn-24490.exe
292	Unicorn-39145.exe
2816	Unicorn-50006.exe
2096	Unicorn-4334.exe
332	Unicorn-59072.exe
2128	Unicorn-12564.exe
340	Unicorn-61786.exe
2372	Unicorn-51380.exe
1276	Unicorn-39036.exe
1500	Unicorn-39036.exe
856	Unicorn-8864.exe
288	Unicorn-19799.exe
1088	Unicorn-61494.exe
2484	Unicorn-2087.exe
1188	Unicorn-56695.exe
1856	Unicorn-11023.exe
1328	Unicorn-6939.exe
2252	Unicorn-14842.exe
2492	Unicorn-7494.exe
880	Unicorn-11791.exe
876	Unicorn-38988.exe
2108	Unicorn-40380.exe
1484	Unicorn-60800.exe
2728	Unicorn-54670.exe
3048	Unicorn-45019.exe
2740	Unicorn-32020.exe
2588	Unicorn-21448.exe
2996	Unicorn-56524.exe
2628	Unicorn-23036.exe
2632	Unicorn-43587.exe
2360	Unicorn-30266.exe
3024	Unicorn-62616.exe
2324	Unicorn-2313.exe
1680	Unicorn-23538.exe
2052	Unicorn-62697.exe
1820	Unicorn-63252.exe
1140	Unicorn-17581.exe
2480	Unicorn-46261.exe
1000	Unicorn-43461.exe
2676	Unicorn-60559.exe
2456	Unicorn-51430.exe
2136	Unicorn-11358.exe
2340	Unicorn-58421.exe
2336	Unicorn-23611.exe
2012	Unicorn-41985.exe
344	Unicorn-13859.exe
1756	Unicorn-9775.exe
972	Unicorn-29641.exe
1236	Unicorn-32254.exe
1696	Unicorn-61498.exe
1584	Unicorn-9696.exe
1796	Unicorn-15827.exe
1852	Unicorn-15827.exe

Loads dropped DLL 64 IoCs

pid	Process
2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe
2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe
2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe
2532	Unicorn-18813.exe
2532	Unicorn-18813.exe
2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe
2876	Unicorn-59892.exe
2876	Unicorn-59892.exe
2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe
2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe
3060	Unicorn-21552.exe
2532	Unicorn-18813.exe
2532	Unicorn-18813.exe
3060	Unicorn-21552.exe
3020	Unicorn-1537.exe
3020	Unicorn-1537.exe
2876	Unicorn-59892.exe
2876	Unicorn-59892.exe
2752	Unicorn-55377.exe
2752	Unicorn-55377.exe
2644	Unicorn-9705.exe
2532	Unicorn-18813.exe
3060	Unicorn-21552.exe
2644	Unicorn-9705.exe
2532	Unicorn-18813.exe
3060	Unicorn-21552.exe
2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe
2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe
2784	Unicorn-3575.exe
2784	Unicorn-3575.exe
2436	Unicorn-20095.exe
2436	Unicorn-20095.exe
3020	Unicorn-1537.exe
3020	Unicorn-1537.exe
3068	Unicorn-7027.exe
3068	Unicorn-7027.exe
2876	Unicorn-59892.exe
2876	Unicorn-59892.exe
2816	Unicorn-50006.exe
2816	Unicorn-50006.exe
2096	Unicorn-4334.exe
2096	Unicorn-4334.exe
1144	WerFault.exe
1144	WerFault.exe
1144	WerFault.exe
1144	WerFault.exe
2784	Unicorn-3575.exe
2784	Unicorn-3575.exe
2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe
2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe
3060	Unicorn-21552.exe
3060	Unicorn-21552.exe
292	Unicorn-39145.exe
292	Unicorn-39145.exe
2644	Unicorn-9705.exe
2644	Unicorn-9705.exe
1296	Unicorn-63741.exe
1296	Unicorn-63741.exe
1520	Unicorn-250.exe
1520	Unicorn-250.exe
2532	Unicorn-18813.exe
2532	Unicorn-18813.exe
1144	WerFault.exe
2752	Unicorn-55377.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1144	1104	WerFault.exe	43
2696	2628	WerFault.exe	70
2888	2588	WerFault.exe	68
2364	2632	WerFault.exe	71
2548	1168	WerFault.exe	119
1724	1820	WerFault.exe	77
2804	1140	WerFault.exe	78
2180	2676	WerFault.exe	81
1656	856	WerFault.exe	52
2300	2484	WerFault.exe	55
2132	1636	WerFault.exe	115
2488	2392	WerFault.exe	101
2692	1676	WerFault.exe	123
2864	2780	WerFault.exe	100
2868	2324	WerFault.exe	74
2844	1756	WerFault.exe	88
2620	2972	WerFault.exe	104
3232	2372	WerFault.exe	48
3564	2336	WerFault.exe	85
3676	2848	WerFault.exe	133
3212	3048	WerFault.exe	66
3716	1356	WerFault.exe	109
4048	2688	WerFault.exe	163
3128	3996	WerFault.exe	208
4084	1712	WerFault.exe	143
3360	3068	WerFault.exe	38
2964	1984	WerFault.exe	138
4356	2784	WerFault.exe	34
4388	344	WerFault.exe	87
4380	1584	WerFault.exe	92
4412	2200	WerFault.exe	116
4424	292	WerFault.exe	40
4632	2460	WerFault.exe	110
4608	2624	WerFault.exe	129
4600	2224	WerFault.exe	97
4592	2424	WerFault.exe	108
4584	2916	WerFault.exe	114
4644	2012	WerFault.exe	86
4576	1796	WerFault.exe	93
4568	2492	WerFault.exe	60
4544	880	WerFault.exe	61
4560	1776	WerFault.exe	106
4552	2016	WerFault.exe	117
4536	1664	WerFault.exe	98
4684	1992	WerFault.exe	142
4676	1336	WerFault.exe	144
4704	2416	WerFault.exe	151
4296	1696	WerFault.exe	91
4472	2728	WerFault.exe	65
1404	972	WerFault.exe	89
4196	2208	WerFault.exe	132
3516	3060	WerFault.exe	32
4260	1000	WerFault.exe	80
4192	2232	WerFault.exe	126
4184	1364	WerFault.exe	128
4156	1564	WerFault.exe	134
4140	1236	WerFault.exe	90
5096	2456	WerFault.exe	82
4912	2816	WerFault.exe	42
4880	2084	WerFault.exe	136
4848	2340	WerFault.exe	84
4696	2052	WerFault.exe	76
2396	2740	WerFault.exe	67
5532	600	WerFault.exe	139

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45787.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39178.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5232.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26787.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11791.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59728.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5520.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11970.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63792.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe
2532	Unicorn-18813.exe
2876	Unicorn-59892.exe
3060	Unicorn-21552.exe
3020	Unicorn-1537.exe
2752	Unicorn-55377.exe
2644	Unicorn-9705.exe
2784	Unicorn-3575.exe
2436	Unicorn-20095.exe
3068	Unicorn-7027.exe
2096	Unicorn-4334.exe
1296	Unicorn-63741.exe
2816	Unicorn-50006.exe
1520	Unicorn-250.exe
1104	Unicorn-24490.exe
292	Unicorn-39145.exe
332	Unicorn-59072.exe
2128	Unicorn-12564.exe
340	Unicorn-61786.exe
2372	Unicorn-51380.exe
1500	Unicorn-39036.exe
1276	Unicorn-39036.exe
856	Unicorn-8864.exe
288	Unicorn-19799.exe
1088	Unicorn-61494.exe
2484	Unicorn-2087.exe
1188	Unicorn-56695.exe
1856	Unicorn-11023.exe
1328	Unicorn-6939.exe
2252	Unicorn-14842.exe
2492	Unicorn-7494.exe
880	Unicorn-11791.exe
876	Unicorn-38988.exe
1484	Unicorn-60800.exe
2728	Unicorn-54670.exe
3048	Unicorn-45019.exe
2740	Unicorn-32020.exe
2588	Unicorn-21448.exe
2996	Unicorn-56524.exe
2628	Unicorn-23036.exe
2632	Unicorn-43587.exe
2360	Unicorn-30266.exe
3024	Unicorn-62616.exe
2324	Unicorn-2313.exe
1680	Unicorn-23538.exe
2052	Unicorn-62697.exe
1820	Unicorn-63252.exe
1140	Unicorn-17581.exe
1000	Unicorn-43461.exe
2480	Unicorn-46261.exe
2676	Unicorn-60559.exe
2456	Unicorn-51430.exe
2136	Unicorn-11358.exe
2336	Unicorn-23611.exe
2340	Unicorn-58421.exe
2012	Unicorn-41985.exe
344	Unicorn-13859.exe
972	Unicorn-29641.exe
1756	Unicorn-9775.exe
264	Unicorn-46553.exe
1852	Unicorn-15827.exe
1584	Unicorn-9696.exe
1696	Unicorn-61498.exe
1796	Unicorn-15827.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2532	2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	30
PID 2188 wrote to memory of 2532	2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	30
PID 2188 wrote to memory of 2532	2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	30
PID 2188 wrote to memory of 2532	2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	30
PID 2532 wrote to memory of 2876	2532	Unicorn-18813.exe	31
PID 2532 wrote to memory of 2876	2532	Unicorn-18813.exe	31
PID 2532 wrote to memory of 2876	2532	Unicorn-18813.exe	31
PID 2532 wrote to memory of 2876	2532	Unicorn-18813.exe	31
PID 2188 wrote to memory of 3060	2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	32
PID 2188 wrote to memory of 3060	2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	32
PID 2188 wrote to memory of 3060	2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	32
PID 2188 wrote to memory of 3060	2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	32
PID 2876 wrote to memory of 3020	2876	Unicorn-59892.exe	33
PID 2876 wrote to memory of 3020	2876	Unicorn-59892.exe	33
PID 2876 wrote to memory of 3020	2876	Unicorn-59892.exe	33
PID 2876 wrote to memory of 3020	2876	Unicorn-59892.exe	33
PID 2188 wrote to memory of 2784	2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	34
PID 2188 wrote to memory of 2784	2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	34
PID 2188 wrote to memory of 2784	2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	34
PID 2188 wrote to memory of 2784	2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	34
PID 2532 wrote to memory of 2752	2532	Unicorn-18813.exe	36
PID 2532 wrote to memory of 2752	2532	Unicorn-18813.exe	36
PID 2532 wrote to memory of 2752	2532	Unicorn-18813.exe	36
PID 2532 wrote to memory of 2752	2532	Unicorn-18813.exe	36
PID 3060 wrote to memory of 2644	3060	Unicorn-21552.exe	35
PID 3060 wrote to memory of 2644	3060	Unicorn-21552.exe	35
PID 3060 wrote to memory of 2644	3060	Unicorn-21552.exe	35
PID 3060 wrote to memory of 2644	3060	Unicorn-21552.exe	35
PID 3020 wrote to memory of 2436	3020	Unicorn-1537.exe	37
PID 3020 wrote to memory of 2436	3020	Unicorn-1537.exe	37
PID 3020 wrote to memory of 2436	3020	Unicorn-1537.exe	37
PID 3020 wrote to memory of 2436	3020	Unicorn-1537.exe	37
PID 2876 wrote to memory of 3068	2876	Unicorn-59892.exe	38
PID 2876 wrote to memory of 3068	2876	Unicorn-59892.exe	38
PID 2876 wrote to memory of 3068	2876	Unicorn-59892.exe	38
PID 2876 wrote to memory of 3068	2876	Unicorn-59892.exe	38
PID 2752 wrote to memory of 1520	2752	Unicorn-55377.exe	39
PID 2752 wrote to memory of 1520	2752	Unicorn-55377.exe	39
PID 2752 wrote to memory of 1520	2752	Unicorn-55377.exe	39
PID 2752 wrote to memory of 1520	2752	Unicorn-55377.exe	39
PID 2644 wrote to memory of 292	2644	Unicorn-9705.exe	40
PID 2644 wrote to memory of 292	2644	Unicorn-9705.exe	40
PID 2644 wrote to memory of 292	2644	Unicorn-9705.exe	40
PID 2644 wrote to memory of 292	2644	Unicorn-9705.exe	40
PID 2532 wrote to memory of 1296	2532	Unicorn-18813.exe	41
PID 2532 wrote to memory of 1296	2532	Unicorn-18813.exe	41
PID 2532 wrote to memory of 1296	2532	Unicorn-18813.exe	41
PID 2532 wrote to memory of 1296	2532	Unicorn-18813.exe	41
PID 3060 wrote to memory of 2816	3060	Unicorn-21552.exe	42
PID 3060 wrote to memory of 2816	3060	Unicorn-21552.exe	42
PID 3060 wrote to memory of 2816	3060	Unicorn-21552.exe	42
PID 3060 wrote to memory of 2816	3060	Unicorn-21552.exe	42
PID 2188 wrote to memory of 1104	2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	43
PID 2188 wrote to memory of 1104	2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	43
PID 2188 wrote to memory of 1104	2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	43
PID 2188 wrote to memory of 1104	2188	1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe	43
PID 2784 wrote to memory of 2096	2784	Unicorn-3575.exe	44
PID 2784 wrote to memory of 2096	2784	Unicorn-3575.exe	44
PID 2784 wrote to memory of 2096	2784	Unicorn-3575.exe	44
PID 2784 wrote to memory of 2096	2784	Unicorn-3575.exe	44
PID 2436 wrote to memory of 332	2436	Unicorn-20095.exe	45
PID 2436 wrote to memory of 332	2436	Unicorn-20095.exe	45
PID 2436 wrote to memory of 332	2436	Unicorn-20095.exe	45
PID 2436 wrote to memory of 332	2436	Unicorn-20095.exe	45

C:\Users\Admin\AppData\Local\Temp\1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe
"C:\Users\Admin\AppData\Local\Temp\1a1e148dfd5903b368e930afd0163e3f16d18f09b9e68062e95f0f97759b99ef.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18813.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18813.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59892.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59892.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1537.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20095.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59072.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15827.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29314.exe
        9⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26268.exe
        10⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 244
        10⤵
        Program crash
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1659.exe
        9⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21567.exe
        10⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26392.exe
        10⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
        10⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
        9⤵
        Program crash
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3226.exe
        8⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        9⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 244
        9⤵
        Program crash
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        9⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 244
        8⤵
        Program crash
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61498.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33097.exe
        8⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43476.exe
        9⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 224
        9⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45406.exe
        8⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 216
        8⤵
        Program crash
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
        7⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
        8⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        8⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10885.exe
        8⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18343.exe
        8⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3835.exe
        8⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
        8⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47583.exe
        8⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7144.exe
        7⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55661.exe
        8⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        8⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 220
        8⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50197.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62821.exe
        7⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 240
        7⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15827.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
        8⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
        9⤵
        Program crash
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16817.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64974.exe
        8⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42438.exe
        8⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
        8⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36697.exe
        8⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
        8⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1086.exe
        8⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
        8⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31705.exe
        7⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
        8⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
        8⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
        8⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        8⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
        8⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19622.exe
        8⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12078.exe
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        7⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33772.exe
        7⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11970.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe
        7⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3639.exe
        7⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61288.exe
        7⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
        7⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 188
        8⤵
        Program crash
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52038.exe
        7⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56045.exe
        8⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 244
        8⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
        7⤵
        Program crash
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
        6⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42905.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
        7⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
        7⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9678.exe
        7⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
        7⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 220
        7⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
        6⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3995.exe
        7⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
        7⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        6⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54723.exe
        6⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41391.exe
        6⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39450.exe
        6⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64450.exe
        6⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26787.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
        6⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12564.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        6⤵
        Executes dropped EXE
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45650.exe
        8⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
        9⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
        9⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47071.exe
        9⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
        9⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
        9⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        9⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25549.exe
        9⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28190.exe
        9⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40553.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16627.exe
        9⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26271.exe
        8⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23845.exe
        8⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        8⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52689.exe
        8⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4018.exe
        8⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
        8⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        7⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59599.exe
        8⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10122.exe
        8⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 244
        8⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21424.exe
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32137.exe
        7⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7310.exe
        7⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49295.exe
        7⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        7⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        7⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        7⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        6⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49594.exe
        8⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 212
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        7⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        7⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 220
        7⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46017.exe
        6⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
        7⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 224
        7⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12297.exe
        6⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        7⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31000.exe
        7⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        7⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        6⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62821.exe
        6⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58283.exe
        6⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27126.exe
        6⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
        6⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6604.exe
        6⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54670.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56667.exe
        6⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
        7⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53953.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 212
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-289.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36962.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        7⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
        7⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5447.exe
        6⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
        7⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        7⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 216
        7⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        6⤵
        
        PID:3104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 244
        6⤵
        Program crash
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
        6⤵
        Program crash
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
        5⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        6⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52194.exe
        6⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
        6⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
        6⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
        6⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        6⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        6⤵
        
        PID:9428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10724.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        5⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
        5⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
        5⤵
        
        PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16917.exe
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56931.exe
        5⤵
        
        PID:8592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7027.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61786.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60800.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9604.exe
        7⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48172.exe
        8⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
        9⤵
        Program crash
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2043.exe
        8⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
        8⤵
        Program crash
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6324.exe
        7⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53953.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26106.exe
        8⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 220
        8⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11502.exe
        7⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21830.exe
        7⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23658.exe
        7⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
        7⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10208.exe
        7⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
        7⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40867.exe
        7⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 232
        7⤵
        
        PID:10132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        6⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        7⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39480.exe
        8⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 212
        8⤵
        Program crash
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
        7⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        7⤵
        Program crash
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
        6⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4669.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19801.exe
        7⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
        7⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44305.exe
        7⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
        7⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        6⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25597.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        6⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50130.exe
        6⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
        6⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1265.exe
        6⤵
        
        PID:10060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
        6⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        7⤵
        Program crash
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
        6⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
        7⤵
        Program crash
        
        PID:4048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
        6⤵
        Program crash
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65503.exe
        5⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21250.exe
        6⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60565.exe
        7⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        7⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
        7⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45412.exe
        7⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46880.exe
        6⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28165.exe
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
        6⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
        6⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11913.exe
        6⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27028.exe
        6⤵
        
        PID:8424
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 244
        6⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57165.exe
        5⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40944.exe
        6⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
        6⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
        6⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
        6⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1936.exe
        6⤵
        
        PID:10204
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
        5⤵
        Program crash
        
        PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51380.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65411.exe
        6⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 220
        7⤵
        Program crash
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59500.exe
        6⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47560.exe
        7⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33610.exe
        7⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        7⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22247.exe
        7⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
        7⤵
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57278.exe
        6⤵
        
        PID:920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 244
        6⤵
        Program crash
        
        PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59744.exe
        5⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        6⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 212
        7⤵
        
        PID:9940
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 244
        6⤵
        Program crash
        
        PID:4592
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
        5⤵
        Program crash
        
        PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21448.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2588
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 220
        5⤵
        Program crash
        
        PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
      4⤵
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2474.exe
        5⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 224
        6⤵
        
        PID:5284
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 244
        5⤵
        Program crash
        
        PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44216.exe
      4⤵
      PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        5⤵
        
        PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53611.exe
        5⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
        5⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46149.exe
        5⤵
        
        PID:8616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
      4⤵
      PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64858.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
      4⤵
      PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
      4⤵
      PID:7348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
      4⤵
      PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
      4⤵
      PID:8884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17567.exe
      4⤵
      PID:8964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-250.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58421.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
        7⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        8⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        8⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
        8⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        8⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43794.exe
        8⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 224
        8⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14762.exe
        7⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 220
        7⤵
        Program crash
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53854.exe
        6⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38899.exe
        7⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31196.exe
        7⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13813.exe
        7⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60758.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24456.exe
        7⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2431.exe
        6⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        6⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
        6⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48657.exe
        6⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45382.exe
        6⤵
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13859.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1872.exe
        7⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe
        7⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59131.exe
        7⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29003.exe
        7⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16476.exe
        7⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40968.exe
        7⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        7⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60862.exe
        7⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
        6⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
        7⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54130.exe
        7⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
        7⤵
        
        PID:9452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
        6⤵
        Program crash
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51580.exe
        5⤵
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
        6⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
        7⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51520.exe
        7⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44633.exe
        6⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        6⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5520.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26891.exe
        6⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18903.exe
        6⤵
        
        PID:8172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
        6⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63821.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6677.exe
        5⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35070.exe
        6⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        6⤵
        
        PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        5⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62922.exe
        5⤵
        
        PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
        5⤵
        
        PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60249.exe
        5⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54522.exe
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34950.exe
        5⤵
        
        PID:8220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11358.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37098.exe
        6⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
        7⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 244
        7⤵
        Program crash
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
        6⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45651.exe
        7⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 212
        7⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62858.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62392.exe
        6⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
        6⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
        6⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        6⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58485.exe
        6⤵
        
        PID:9276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40366.exe
        5⤵
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17087.exe
        6⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
        6⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50253.exe
        6⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6711.exe
        6⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33292.exe
        5⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37182.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        6⤵
        
        PID:9472
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 244
        5⤵
        Program crash
        
        PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
        5⤵
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28022.exe
        6⤵
        
        PID:3460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 244
        6⤵
        Program crash
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        5⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19227.exe
        6⤵
        
        PID:9920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        5⤵
        Program crash
        
        PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29049.exe
      4⤵
      PID:2848
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        5⤵
        Program crash
        
        PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
      4⤵
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
        5⤵
        
        PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8349.exe
        5⤵
        
        PID:9220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
      4⤵
      PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
      4⤵
      PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56129.exe
      4⤵
      PID:6360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14261.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
      4⤵
      PID:7840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
      4⤵
      PID:8528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11845.exe
      4⤵
      PID:9900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63741.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11023.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30266.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        6⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18188.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3424.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20730.exe
        8⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39806.exe
        8⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-933.exe
        8⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15013.exe
        8⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        8⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37595.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23121.exe
        7⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31312.exe
        7⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
        7⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
        7⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49238.exe
        7⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49817.exe
        6⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42651.exe
        7⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
        7⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42262.exe
        7⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19092.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57745.exe
        6⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
        6⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22646.exe
        6⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53745.exe
        6⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32295.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
        6⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43903.exe
        6⤵
        
        PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21425.exe
        5⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4145.exe
        6⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
        7⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39137.exe
        7⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
        7⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
        7⤵
        
        PID:8896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44010.exe
        6⤵
        
        PID:3456
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 220
        6⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53246.exe
        5⤵
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26507.exe
        6⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51945.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47585.exe
        6⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35163.exe
        6⤵
        
        PID:8352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 240
        6⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18493.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20321.exe
        5⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6111.exe
        5⤵
        
        PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        5⤵
        
        PID:7356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
        5⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
        5⤵
        
        PID:8860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62616.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14539.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
        6⤵
        
        PID:3660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 244
        6⤵
        Program crash
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        5⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5272.exe
        6⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48830.exe
        5⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59158.exe
        5⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65070.exe
        5⤵
        
        PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
        5⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe
        5⤵
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59549.exe
        5⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57115.exe
        5⤵
        
        PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39712.exe
      4⤵
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45235.exe
        5⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
        6⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
        6⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24871.exe
        5⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe
        5⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9049.exe
        5⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25267.exe
        5⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
        5⤵
        
        PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2209.exe
      4⤵
      PID:3996
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 220
        5⤵
        Program crash
        
        PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
      4⤵
      PID:3680
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 232
      4⤵
      PID:5728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14842.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62697.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16543.exe
        5⤵
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13112.exe
        6⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26106.exe
        6⤵
        
        PID:5884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 220
        6⤵
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27014.exe
        5⤵
        
        PID:3800
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
        5⤵
        Program crash
        
        PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe
      4⤵
      PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21484.exe
        5⤵
        
        PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
        5⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
        5⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        5⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        5⤵
        
        PID:10212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
      4⤵
      PID:3472
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 224
      4⤵
      PID:5692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43461.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14020.exe
      4⤵
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42464.exe
        5⤵
        
        PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        5⤵
        
        PID:6860
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 220
        5⤵
        
        PID:7664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16324.exe
      4⤵
      PID:3436
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 240
      4⤵
      Program crash
      PID:4260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
    3⤵
    PID:892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
      4⤵
      PID:4104
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 220
      4⤵
      PID:5708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
    3⤵
    PID:3840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
    3⤵
    PID:4240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30462.exe
    3⤵
    PID:4752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
    3⤵
    PID:6996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63792.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
    3⤵
    PID:9064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41605.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41605.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21552.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21552.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9705.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39145.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2087.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2313.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
        7⤵
        Program crash
        
        PID:2868
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 232
        6⤵
        Program crash
        
        PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63252.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
        6⤵
        Program crash
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22799.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13548.exe
        6⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39178.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
        6⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26289.exe
        6⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46627.exe
        6⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
        6⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55481.exe
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
        6⤵
        
        PID:10164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
        5⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37675.exe
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4320
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 240
        5⤵
        Program crash
        
        PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56695.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 216
        6⤵
        Program crash
        
        PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
        5⤵
        
        PID:2416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 220
        6⤵
        Program crash
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28222.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15883.exe
        5⤵
        
        PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        5⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33049.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        5⤵
        
        PID:7708
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 232
        5⤵
        
        PID:9092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46261.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15884.exe
        5⤵
        
        PID:1992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 220
        6⤵
        Program crash
        
        PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
        5⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9743.exe
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        5⤵
        
        PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8085.exe
        5⤵
        
        PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        5⤵
        
        PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        5⤵
        
        PID:8804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55527.exe
        5⤵
        
        PID:10092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22718.exe
      4⤵
      PID:1336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 220
        5⤵
        Program crash
        
        PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27752.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45638.exe
      4⤵
      PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56861.exe
      4⤵
      PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64874.exe
      4⤵
      PID:7008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55677.exe
      4⤵
      PID:7744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35368.exe
      4⤵
      PID:8436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43974.exe
      4⤵
      PID:8976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13791.exe
      4⤵
      PID:10072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23611.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38852.exe
        6⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16263.exe
        7⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57461.exe
        7⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
        7⤵
        
        PID:6140
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 232
        6⤵
        Program crash
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
        5⤵
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11218.exe
        6⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        7⤵
        
        PID:9392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 244
        6⤵
        Program crash
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        5⤵
        
        PID:3584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 240
        6⤵
        
        PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
        5⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54193.exe
        5⤵
        
        PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
        5⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-779.exe
        5⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
        5⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50322.exe
        5⤵
        
        PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        5⤵
        
        PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9775.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1756
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 220
        5⤵
        Program crash
        
        PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        5⤵
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        5⤵
        
        PID:6888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 220
        5⤵
        
        PID:7656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63143.exe
      4⤵
      PID:3888
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
      4⤵
      Program crash
      PID:4912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61494.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
        5⤵
        Program crash
        
        PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
        5⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
        6⤵
        
        PID:2192
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 244
        5⤵
        Program crash
        
        PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46038.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25407.exe
        5⤵
        
        PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13704.exe
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
        5⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20474.exe
        5⤵
        
        PID:9412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11249.exe
      4⤵
      PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
      4⤵
      PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31767.exe
      4⤵
      PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42990.exe
      4⤵
      PID:7620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
      4⤵
      PID:8044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-162.exe
      4⤵
      PID:8396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48103.exe
      4⤵
      PID:5520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23538.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9168.exe
      4⤵
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
        5⤵
        
        PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38358.exe
        5⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51103.exe
        5⤵
        
        PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51125.exe
        5⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28448.exe
        5⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9962.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5232.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
      4⤵
      PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10018.exe
      4⤵
      PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
      4⤵
      PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12636.exe
      4⤵
      PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18846.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22777.exe
      4⤵
      PID:8252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exe
      4⤵
      PID:8916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
    3⤵
    PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61374.exe
      4⤵
      PID:4736
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 224
      4⤵
      PID:5128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4694.exe
    3⤵
    PID:4088
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
    3⤵
    - Program crash
    PID:3516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3575.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3575.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4334.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39036.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56524.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14072.exe
        6⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        8⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 224
        8⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 232
        7⤵
        Program crash
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
        6⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25983.exe
        7⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 224
        7⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61362.exe
        6⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36688.exe
        6⤵
        
        PID:4420
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        6⤵
        
        PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18711.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
        6⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
        7⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23782.exe
        7⤵
        
        PID:9664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 224
        6⤵
        Program crash
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
        6⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        6⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26884.exe
        6⤵
        
        PID:8676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13668.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
        5⤵
        
        PID:3332
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
        5⤵
        
        PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23036.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
        5⤵
        Program crash
        
        PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe
      4⤵
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
        5⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56709.exe
        6⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12562.exe
        6⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
        6⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        6⤵
        
        PID:7388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37571.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2749.exe
        6⤵
        
        PID:9232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28960.exe
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30822.exe
        5⤵
        
        PID:620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        5⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-384.exe
        5⤵
        
        PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        5⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        5⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        5⤵
        
        PID:980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
      4⤵
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exe
        5⤵
        
        PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53336.exe
        5⤵
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        5⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        5⤵
        
        PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9636.exe
      4⤵
      PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3786.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23176.exe
      4⤵
      PID:6564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
      4⤵
      PID:7396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5429.exe
      4⤵
      PID:7248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
      4⤵
      PID:8488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8864.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29641.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        5⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8639.exe
        6⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        6⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45260.exe
        6⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37114.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26497.exe
        6⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
        6⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18462.exe
        5⤵
        
        PID:3252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 240
        5⤵
        Program crash
        
        PID:1404
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 232
      4⤵
      Program crash
      PID:1656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32254.exe
    3⤵
    - Executes dropped EXE
    PID:1236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39428.exe
      4⤵
      PID:1676
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
        5⤵
        Program crash
        
        PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38380.exe
        5⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        5⤵
        
        PID:6880
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 220
        5⤵
        
        PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32197.exe
      4⤵
      PID:3284
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 224
      4⤵
      Program crash
      PID:4140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8244.exe
    3⤵
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32106.exe
      4⤵
      PID:3400
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 224
      4⤵
      Program crash
      PID:4192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
    3⤵
    PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
      4⤵
      PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23834.exe
      4⤵
      PID:5324
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 244
    3⤵
    - Program crash
    PID:4356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24490.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24490.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1104
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 216
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19799.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19799.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60559.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28847.exe
      4⤵
      PID:1636
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
        5⤵
        Program crash
        
        PID:2132
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 232
      4⤵
      Program crash
      PID:2180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10927.exe
    3⤵
    PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59459.exe
      4⤵
      PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe
        5⤵
        
        PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
        5⤵
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59884.exe
        5⤵
        
        PID:9680
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 224
      4⤵
      Program crash
      PID:4412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15119.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20363.exe
      4⤵
      PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46870.exe
      4⤵
      PID:8100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
      4⤵
      PID:9052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27950.exe
      4⤵
      PID:9292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
    3⤵
    PID:4212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6008
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 244
    3⤵
    PID:6820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65167.exe
    3⤵
    PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42656.exe
      4⤵
      PID:5592
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 212
      4⤵
      PID:6788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
    3⤵
    PID:3548
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
    3⤵
    - Program crash
    PID:5096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3290.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3290.exe
  2⤵
  PID:1996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32402.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32402.exe
    3⤵
    PID:4668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29251.exe
    3⤵
    PID:5600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26645.exe
    3⤵
    PID:6436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57430.exe
    3⤵
    PID:7308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52159.exe
    3⤵
    PID:7392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8483.exe
    3⤵
    PID:8568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
  2⤵
  PID:3228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1687.exe
  2⤵
  PID:4664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57221.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57221.exe
  2⤵
  PID:5964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16050.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16050.exe
  2⤵
  PID:6344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
  2⤵
  PID:8148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59809.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59809.exe
  2⤵
  PID:9180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31730.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31730.exe
  2⤵
  PID:5392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1537.exe

Filesize
468KB

MD5
929514481289c76b5cff0689e512378d

SHA1
4f948fc2c38c69747d03a6f70ff26f030f4bce46

SHA256
246e5de608b9d6fd23033f341b4cc4194a5bddcb23947adc53c209a61a4086da

SHA512
e6d4fbd4f0e96081df1abf46afa853cf38cf1563dc6dcc7160c69838e69e495623c04d3192681667c18f6d77b2599e5e02d1b33299267370eec66dd9dcab6794

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23176.exe

Filesize
468KB

MD5
4cc66481e2e29c49d861933f92321b64

SHA1
3fd1183358a4b304a66cd07c391413cde9bf4e5e

SHA256
c4feba2e8b1c94960897baf2bb8711a3c0be0d049a928d2c7a20e525128d6ea7

SHA512
ba4f11f0e1d19952c1ea78decf37163de1a4c3e4edede7bef220e2303da28344b9f904c3a7c759140fbe13ad1717bb91b7bc0b90820f1b27ae4d1bc9af071591

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24490.exe

Filesize
468KB

MD5
f673071e07d0deaed273b03e2211fc65

SHA1
b4e18896333ed6c3f9027bf0181e223bbd5158f2

SHA256
3f686e5e84553a7ee2724a0e6f017c3f34d609dee3641717c5c257b30fb5f21e

SHA512
237eee4c4a7825db3c32b36d4ee080cc9c0da5058a97046d875fbe347db2166568e1872dc4254126b96a2a95294cd9a7a6642366224dd8cf15a7492aeaeff9b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-250.exe

Filesize
468KB

MD5
1b54bc09c6abf79831fa69f7167c56d7

SHA1
44ec93f7ae50ed1ef01b30758f1ffd65cf040d4a

SHA256
77e06d86ebc491dbfaf1402884647facbab48f91b7e5f2a94bee501130b178cf

SHA512
07cbcb8e833e5176b6cd94a182bd1f3010962584b5df964a741d50edfd2ac748567acc0e8c19b13e936d378eb87fc9c00adf004ba069f7ea4d73f1f11033b311

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59072.exe

Filesize
468KB

MD5
b6cd20ef3e26436a50dcfcf48d7dc965

SHA1
986af16bb14fb82035359e62a56bee5974efaf09

SHA256
60b632c859f11d13a161fdf9bbc354b3c681b64dcf67b6fdcbef44b6d7be4b56

SHA512
d8b1c3665dfec53ecef09c12bf36b48efd1726e98f1c3890cb0de2d2c3d8075b6b54a3e748aad10a843c70f69bdb02cd8252ee468167b8ea566c76d1a7047594

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe

Filesize
468KB

MD5
8934c1b54b4783d1d06881b34f895f78

SHA1
9f9a25e94da5637dd1a8adb88d50e75c9bf293a4

SHA256
5f95642852cec49077c147ae21a1bf2da6cabf8c21e502de1d01bd36944143bc

SHA512
5f9434e1fa77ebfc97291932e0f0259eb0b1c765bc04cac73403b34a4858df71ca12637c428a8a8d9be4311ec96097fe567631666cf85b7e42101920c9a877ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12564.exe

Filesize
468KB

MD5
84e15487e414d8dc2b9c49f3b4ccd2c7

SHA1
0e98ab01f32fc5c20881b99f3891dd7f0a84725f

SHA256
69c1f6af04fd1e7e69dd962b8ece869bfeb898a687be57822f23b09e80cbd169

SHA512
60b234881730b92a1a6aeeb4d6b2d7ae3530d780973c164530fbbf5793f3a5cdc35629791eafcdb968de5b4531c35f2aa637e2e2c18b47b30456a81dfc202b0b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18813.exe

Filesize
468KB

MD5
9194ce87eb5f3444abc37dc3cb50a9d2

SHA1
f5337fc5b69e2190db46955646f8d39d577cd3e6

SHA256
d4b67c1ab619b7892c8ad8acb197c6fe4418a1ecd39a121102b848cce24f7f6f

SHA512
765471ceb71d4e5d95617f1a1d7a8c0a138fec964625d2ddbf22b2f752bf7d532979a2cffe5e95617de7d0758e42a062e0ad57fbb20e1a85ff1551f238ebd59f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20095.exe

Filesize
468KB

MD5
ac98ba670d00c429b1a6971a96519161

SHA1
59855f73c541934e35cbbb5ad98762955903b9df

SHA256
f840e4fc78cdb16ad360a96c5b68d222b5a3b979ab9e71e956c9c283342d0ed7

SHA512
8a0a67654123e01ef2b713248796d358f9915aeb2d32da017f72bd34856464a05abee256a96fe1cfc4121818ec89fa1c979d39082f2550f267f64f61b2180f80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21552.exe

Filesize
468KB

MD5
ca774fa43d068411e873a42ac70b8d78

SHA1
1865008fab4dace67470d2a8db641bc1a91684c9

SHA256
8190f88fa454cbc7b9270b28210cd03564e815a92b04edc85c97c825f02058db

SHA512
67ee31e335dd70c0abab0a6691d53267f60435c9a89adcee778768abb2ce48a3d3a1e80ac293de0003244be4667966a6aa7c8df1fcb316db353014e22e1067a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3575.exe

Filesize
468KB

MD5
3c51b023aa8d5b621a27180d15bd6da4

SHA1
e902b03a275bd1dfa2e3e07f4b53c215d712b495

SHA256
bb62e1f382509d3a403901e3748f0f414941771ec6600c6b309134549034b058

SHA512
30073954f923188df37681cd780c51f4ee5554b9344611624d4bb94176350ca83b222db7c06c803c75449b8b872a3dd72b3dc9d6b30e164f0daaacd0c26384af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39145.exe

Filesize
468KB

MD5
5cad6990f7093ce159a6cfbcd31fa4d5

SHA1
ee29706b751e62ca1d37881d3a3643675c1d3aa0

SHA256
1eb3916f3ed2b4220e0c3594f424cf8d9c9d789e8ac43fd78a0060eebdd9d3fa

SHA512
16d7aa9803aeffb02665bf94299a2474530106f8f43bd937152656dae2e3a298d5fa4b0a81a68ecd92bdaea9aa34cb8cc10fab487939081100fc68e48dd01e16

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4334.exe

Filesize
468KB

MD5
f4a340e722d25db1c386cc8b54a9a957

SHA1
4a75866d5819f2b4d3429fa2e0af81ac12a71c21

SHA256
b209d90a65fddf4cd6fc1814ce35501329c107ed876a8efccd7aedc85347d1b1

SHA512
d6e8276561067fb566ec0364826d7bd1ed99b4d98bbd04797a81935830303e1907e224b88772f598ea5b6f2746fd6d2b9be52fddde2edb0da8d26210e7da6530

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe

Filesize
468KB

MD5
904089bcc1c257798559850a740f3a27

SHA1
bae673f939a3f26cad0ba2db01fbb59eea3bdcf9

SHA256
898ce7706c159392a4164aecec3ad566378a63d335ff669c2d620783e3e8dc4a

SHA512
8e3a89c1948f7fdaf869e843d18b10d809796f11ff04a21c8db3cccc168c195e39ed3d30d3fde128696ca6ad23ff84d06c5f4ca92ad965d2cf0facb80b0806cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51380.exe

Filesize
468KB

MD5
656a07c972dbff1b8a219add99dec04e

SHA1
9034abc782707f1dc7e0b18a0da4a2dfc0969f8a

SHA256
d493c2b3aa902f831af68bcc345287bf719df6681389abfbf53b36c70634636d

SHA512
688299338413f9e69716edf8da31c1a351bf38a04e4ccce5a67480532db263c298a79d173a606d0e7e95c062b3664ff576eb8e3aa2f6b14ff52f4cf4b2c326a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe

Filesize
468KB

MD5
3e16f79656d894f090f5b239a167c8da

SHA1
32cb5bd46785eea72e27aaefcb83c0ca7097a50b

SHA256
383bcf1eede402ac851f194bbddd93c16830c8b46ffff9e73c77b6b4782e648a

SHA512
17e69e6f8235df2071287b9eb66c0ca7942922003b0fbbfa38a47f6bf216bdd83b72dc08d2ff2ef260e28a6294d9700586fe260ccfda059251d600d3851d9b38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59892.exe

Filesize
468KB

MD5
fdf16d6987818be9a3209cd81f0db19c

SHA1
365d41a30727eeaa3f465218ae53f6b10c1eff00

SHA256
8b0384705fa2a4ff81af67259bd7bfba34d6f96ceae84feee3e5fe34471da98a

SHA512
61b7f57bfe93459580e20429782f4d105e45ba9691cdbff52f1e40fce062a501d4cb82d309559408539772970f31693618ca4474eadcfb3c5ac96b63ca9ac5ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61786.exe

Filesize
468KB

MD5
c986f6ab6937af8d61bfb244e562e246

SHA1
9cd3009fd5f26e42c8fe22e740d4a61fc933ce91

SHA256
fd7628ded9ca008e5b4762606b1bbddf1256dda7eec171a5b22c53cba796cd98

SHA512
621ea4d6dc3757e7e317881ade0f063cb1999606b7a2279cbdf2b272954fef03bc87bc2ed7fb7c1e7e161db90fd404e8b778540ea0f0bffb148b4b850855b6aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63741.exe

Filesize
468KB

MD5
f85386e3eea3fc0ad29ac0965596fb4c

SHA1
581685f78f39d26a608db481933bb226aa572b7b

SHA256
1454e67d3f4a3a970b35a56affe2af2033d8713fd78ac61da63193b59a265dfc

SHA512
ba9c2f2fbf3cb195207484d333eaf363edc9d6424e7d04076b14905dbaf7b6decc0dbe5c8d7ef837e4efc049f313d614edb6f01fbe89734bff7585ae520f59fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7027.exe

Filesize
468KB

MD5
a070ef879c0474dedd040b4669da81da

SHA1
ddf66f62db2cdd39df3b8c9c36812d07e4729f96

SHA256
d780a26bb7471e469db411539e54e59bb602ff022ae3f7f307c5c3e76b660576

SHA512
59ad34b8f0873c17972ca67a54e3332b0de06a6887f810007c4279422032404cf676a3d29a6719a3b1f5fb0428e2dc3215c9a015c4c09e064bddd66dfc2b9157

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9705.exe

Filesize
468KB

MD5
2c26a6e5adb332ab229d5515ec8d8352

SHA1
892442715ebcba835d94ae40de4b85901e641335

SHA256
fbd6d37c79437f419cd706587d122bb6deb988a1c724bbd7b982f8a2190fb767

SHA512
0e33425c458f6baf798000cedd928541498acedbecd41caf8e49745dd9964c6497e74e8d6994582df416f28b8b89f5ee23e3154aded457bef63e7a6359276972

Download Submit