9cd0dfee402cf5aac1514bf34c627eef42dffd8cda81e88a2eb95d55a97cf86c

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 07:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39f78137bfe2fc3c358fef2300767d40N.exe
Size

468KB
MD5

39f78137bfe2fc3c358fef2300767d40
SHA1

f49eaf896d45bb73ca67a4d763ebbe17c0cb2f5f
SHA256

9cd0dfee402cf5aac1514bf34c627eef42dffd8cda81e88a2eb95d55a97cf86c
SHA512

eb8f455540de9fbd7d0b987ffbcda46c6bef07eb2b5680ec62d953795bbe761cba86d639d5bd07fd4299fb778d1f66e8a419e549b40602b4561d43834882c693
SSDEEP

3072:1G3HogIS3E5TtbY2HzcOcf8/zCcaP0pbJVHeTVPyQ65LR7ggEqlp:1G3o0MTtxH4OcfVYG0Q6VVggE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2744	Unicorn-49731.exe
2696	Unicorn-64801.exe
2192	Unicorn-53104.exe
1720	Unicorn-54804.exe
2556	Unicorn-50206.exe
2960	Unicorn-21255.exe
1928	Unicorn-6956.exe
1144	Unicorn-45178.exe
2908	Unicorn-29034.exe
2540	Unicorn-22903.exe
2856	Unicorn-4721.exe
1636	Unicorn-50393.exe
860	Unicorn-25696.exe
1980	Unicorn-45297.exe
2332	Unicorn-45562.exe
1808	Unicorn-64368.exe
2088	Unicorn-20190.exe
2456	Unicorn-26673.exe
2640	Unicorn-59464.exe
1080	Unicorn-6999.exe
2520	Unicorn-33881.exe
1536	Unicorn-60423.exe
2044	Unicorn-1016.exe
2216	Unicorn-42241.exe
1640	Unicorn-11222.exe
1628	Unicorn-41479.exe
2480	Unicorn-9376.exe
2460	Unicorn-25713.exe
1096	Unicorn-22567.exe
2924	Unicorn-30735.exe
2876	Unicorn-51727.exe
1492	Unicorn-30988.exe
2448	Unicorn-37119.exe
2784	Unicorn-58478.exe
2800	Unicorn-62199.exe
2644	Unicorn-57710.exe
2720	Unicorn-28681.exe
2588	Unicorn-62500.exe
2964	Unicorn-52324.exe
1848	Unicorn-16314.exe
2272	Unicorn-43386.exe
1208	Unicorn-60684.exe
2904	Unicorn-16637.exe
2544	Unicorn-23461.exe
1500	Unicorn-56195.exe
2388	Unicorn-23388.exe
480	Unicorn-3787.exe
2944	Unicorn-32205.exe
1476	Unicorn-7186.exe
600	Unicorn-26787.exe
1604	Unicorn-9546.exe
3032	Unicorn-40565.exe
3040	Unicorn-36163.exe
1356	Unicorn-34125.exe
2052	Unicorn-9428.exe
1248	Unicorn-60859.exe
1736	Unicorn-47124.exe
796	Unicorn-60165.exe
1704	Unicorn-33392.exe
2140	Unicorn-4057.exe
2352	Unicorn-28562.exe
1948	Unicorn-3984.exe
2208	Unicorn-9080.exe
2112	Unicorn-28946.exe

Loads dropped DLL 64 IoCs

pid	Process
3052	39f78137bfe2fc3c358fef2300767d40N.exe
3052	39f78137bfe2fc3c358fef2300767d40N.exe
2744	Unicorn-49731.exe
2744	Unicorn-49731.exe
3052	39f78137bfe2fc3c358fef2300767d40N.exe
3052	39f78137bfe2fc3c358fef2300767d40N.exe
2696	Unicorn-64801.exe
2696	Unicorn-64801.exe
2744	Unicorn-49731.exe
2744	Unicorn-49731.exe
2192	Unicorn-53104.exe
2192	Unicorn-53104.exe
3052	39f78137bfe2fc3c358fef2300767d40N.exe
3052	39f78137bfe2fc3c358fef2300767d40N.exe
2556	Unicorn-50206.exe
2556	Unicorn-50206.exe
2744	Unicorn-49731.exe
1720	Unicorn-54804.exe
1720	Unicorn-54804.exe
2744	Unicorn-49731.exe
1928	Unicorn-6956.exe
2696	Unicorn-64801.exe
1928	Unicorn-6956.exe
2696	Unicorn-64801.exe
2192	Unicorn-53104.exe
2192	Unicorn-53104.exe
2960	Unicorn-21255.exe
3052	39f78137bfe2fc3c358fef2300767d40N.exe
2960	Unicorn-21255.exe
3052	39f78137bfe2fc3c358fef2300767d40N.exe
1144	Unicorn-45178.exe
1144	Unicorn-45178.exe
2556	Unicorn-50206.exe
2556	Unicorn-50206.exe
2540	Unicorn-22903.exe
2540	Unicorn-22903.exe
2744	Unicorn-49731.exe
2744	Unicorn-49731.exe
1720	Unicorn-54804.exe
1720	Unicorn-54804.exe
860	Unicorn-25696.exe
2160	WerFault.exe
2160	WerFault.exe
2160	WerFault.exe
2160	WerFault.exe
2160	WerFault.exe
2160	WerFault.exe
860	Unicorn-25696.exe
2192	Unicorn-53104.exe
2192	Unicorn-53104.exe
1636	Unicorn-50393.exe
1636	Unicorn-50393.exe
1980	Unicorn-45297.exe
2696	Unicorn-64801.exe
1980	Unicorn-45297.exe
2696	Unicorn-64801.exe
3052	39f78137bfe2fc3c358fef2300767d40N.exe
3052	39f78137bfe2fc3c358fef2300767d40N.exe
2856	Unicorn-4721.exe
2856	Unicorn-4721.exe
2332	Unicorn-45562.exe
2332	Unicorn-45562.exe
1928	Unicorn-6956.exe
1928	Unicorn-6956.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2160	2908	WerFault.exe	39
2888	2456	WerFault.exe	47
1160	2044	WerFault.exe	53
1484	2216	WerFault.exe	54
2824	2720	WerFault.exe	68
644	2944	WerFault.exe	81
2932	1080	WerFault.exe	50
1972	2388	WerFault.exe	79
2156	1500	WerFault.exe	78
1768	2308	WerFault.exe	124
888	2108	WerFault.exe	110
3236	1736	WerFault.exe	89
3272	2364	WerFault.exe	130
3320	1604	WerFault.exe	84
3384	1428	WerFault.exe	121
3296	1248	WerFault.exe	90
3284	1476	WerFault.exe	82
3428	2832	WerFault.exe	106
3420	2064	WerFault.exe	112
3412	844	WerFault.exe	120
3404	3012	WerFault.exe	114
3956	860	WerFault.exe	42
3964	2332	WerFault.exe	43
4032	2544	WerFault.exe	77
3880	3068	WerFault.exe	109
4072	1640	WerFault.exe	55
3900	2924	WerFault.exe	60
4064	1808	WerFault.exe	45
3252	480	WerFault.exe	80
3736	2876	WerFault.exe	61
3524	2644	WerFault.exe	67
3464	2800	WerFault.exe	65
3456	600	WerFault.exe	83
3448	2448	WerFault.exe	63
3824	2076	WerFault.exe	108
4132	1576	WerFault.exe	98
3800	1652	WerFault.exe	111
4116	2112	WerFault.exe	97
4100	2500	WerFault.exe	117
4124	796	WerFault.exe	91
4108	2208	WerFault.exe	96
3532	2352	WerFault.exe	94
3852	2444	WerFault.exe	133
4152	1696	WerFault.exe	134
4172	3020	WerFault.exe	136
4180	2316	WerFault.exe	137
4248	2060	WerFault.exe	147
4516	2052	WerFault.exe	88
4564	2964	WerFault.exe	70
4616	2604	WerFault.exe	127
4644	1096	WerFault.exe	59
4636	1264	WerFault.exe	123
4816	2960	WerFault.exe	35
4660	1332	WerFault.exe	115
4876	2904	WerFault.exe	75
5016	1712	WerFault.exe	150
4980	596	WerFault.exe	149
4940	1372	WerFault.exe	153
4984	3756	WerFault.exe	214
4896	2724	WerFault.exe	144
5092	1800	WerFault.exe	138
5056	2088	WerFault.exe	46
4916	2460	WerFault.exe	58
5156	1720	WerFault.exe	33

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46535.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2296.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54563.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24825.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25848.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3052	39f78137bfe2fc3c358fef2300767d40N.exe
2744	Unicorn-49731.exe
2696	Unicorn-64801.exe
2192	Unicorn-53104.exe
1720	Unicorn-54804.exe
2556	Unicorn-50206.exe
2960	Unicorn-21255.exe
1928	Unicorn-6956.exe
1144	Unicorn-45178.exe
2908	Unicorn-29034.exe
2540	Unicorn-22903.exe
1636	Unicorn-50393.exe
2856	Unicorn-4721.exe
1980	Unicorn-45297.exe
2332	Unicorn-45562.exe
860	Unicorn-25696.exe
1808	Unicorn-64368.exe
2088	Unicorn-20190.exe
2456	Unicorn-26673.exe
2640	Unicorn-59464.exe
1536	Unicorn-60423.exe
2520	Unicorn-33881.exe
2044	Unicorn-1016.exe
1080	Unicorn-6999.exe
1640	Unicorn-11222.exe
2216	Unicorn-42241.exe
2480	Unicorn-9376.exe
1628	Unicorn-41479.exe
2460	Unicorn-25713.exe
1096	Unicorn-22567.exe
2924	Unicorn-30735.exe
2876	Unicorn-51727.exe
2448	Unicorn-37119.exe
1492	Unicorn-30988.exe
2784	Unicorn-58478.exe
2800	Unicorn-62199.exe
2644	Unicorn-57710.exe
2720	Unicorn-28681.exe
2588	Unicorn-62500.exe
2964	Unicorn-52324.exe
1848	Unicorn-16314.exe
2272	Unicorn-43386.exe
1208	Unicorn-60684.exe
2904	Unicorn-16637.exe
2544	Unicorn-23461.exe
1500	Unicorn-56195.exe
480	Unicorn-3787.exe
2388	Unicorn-23388.exe
1476	Unicorn-7186.exe
600	Unicorn-26787.exe
2944	Unicorn-32205.exe
1604	Unicorn-9546.exe
3032	Unicorn-40565.exe
3040	Unicorn-36163.exe
1356	Unicorn-34125.exe
2052	Unicorn-9428.exe
1248	Unicorn-60859.exe
1736	Unicorn-47124.exe
796	Unicorn-60165.exe
1704	Unicorn-33392.exe
2140	Unicorn-4057.exe
2352	Unicorn-28562.exe
1948	Unicorn-3984.exe
2208	Unicorn-9080.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 2744	3052	39f78137bfe2fc3c358fef2300767d40N.exe	30
PID 3052 wrote to memory of 2744	3052	39f78137bfe2fc3c358fef2300767d40N.exe	30
PID 3052 wrote to memory of 2744	3052	39f78137bfe2fc3c358fef2300767d40N.exe	30
PID 3052 wrote to memory of 2744	3052	39f78137bfe2fc3c358fef2300767d40N.exe	30
PID 2744 wrote to memory of 2696	2744	Unicorn-49731.exe	31
PID 2744 wrote to memory of 2696	2744	Unicorn-49731.exe	31
PID 2744 wrote to memory of 2696	2744	Unicorn-49731.exe	31
PID 2744 wrote to memory of 2696	2744	Unicorn-49731.exe	31
PID 3052 wrote to memory of 2192	3052	39f78137bfe2fc3c358fef2300767d40N.exe	32
PID 3052 wrote to memory of 2192	3052	39f78137bfe2fc3c358fef2300767d40N.exe	32
PID 3052 wrote to memory of 2192	3052	39f78137bfe2fc3c358fef2300767d40N.exe	32
PID 3052 wrote to memory of 2192	3052	39f78137bfe2fc3c358fef2300767d40N.exe	32
PID 2696 wrote to memory of 1720	2696	Unicorn-64801.exe	33
PID 2696 wrote to memory of 1720	2696	Unicorn-64801.exe	33
PID 2696 wrote to memory of 1720	2696	Unicorn-64801.exe	33
PID 2696 wrote to memory of 1720	2696	Unicorn-64801.exe	33
PID 2744 wrote to memory of 2556	2744	Unicorn-49731.exe	34
PID 2744 wrote to memory of 2556	2744	Unicorn-49731.exe	34
PID 2744 wrote to memory of 2556	2744	Unicorn-49731.exe	34
PID 2744 wrote to memory of 2556	2744	Unicorn-49731.exe	34
PID 2192 wrote to memory of 2960	2192	Unicorn-53104.exe	35
PID 2192 wrote to memory of 2960	2192	Unicorn-53104.exe	35
PID 2192 wrote to memory of 2960	2192	Unicorn-53104.exe	35
PID 2192 wrote to memory of 2960	2192	Unicorn-53104.exe	35
PID 3052 wrote to memory of 1928	3052	39f78137bfe2fc3c358fef2300767d40N.exe	36
PID 3052 wrote to memory of 1928	3052	39f78137bfe2fc3c358fef2300767d40N.exe	36
PID 3052 wrote to memory of 1928	3052	39f78137bfe2fc3c358fef2300767d40N.exe	36
PID 3052 wrote to memory of 1928	3052	39f78137bfe2fc3c358fef2300767d40N.exe	36
PID 2556 wrote to memory of 1144	2556	Unicorn-50206.exe	37
PID 2556 wrote to memory of 1144	2556	Unicorn-50206.exe	37
PID 2556 wrote to memory of 1144	2556	Unicorn-50206.exe	37
PID 2556 wrote to memory of 1144	2556	Unicorn-50206.exe	37
PID 1720 wrote to memory of 2908	1720	Unicorn-54804.exe	39
PID 1720 wrote to memory of 2908	1720	Unicorn-54804.exe	39
PID 1720 wrote to memory of 2908	1720	Unicorn-54804.exe	39
PID 1720 wrote to memory of 2908	1720	Unicorn-54804.exe	39
PID 2744 wrote to memory of 2540	2744	Unicorn-49731.exe	38
PID 2744 wrote to memory of 2540	2744	Unicorn-49731.exe	38
PID 2744 wrote to memory of 2540	2744	Unicorn-49731.exe	38
PID 2744 wrote to memory of 2540	2744	Unicorn-49731.exe	38
PID 1928 wrote to memory of 2856	1928	Unicorn-6956.exe	40
PID 2696 wrote to memory of 1636	2696	Unicorn-64801.exe	41
PID 1928 wrote to memory of 2856	1928	Unicorn-6956.exe	40
PID 2696 wrote to memory of 1636	2696	Unicorn-64801.exe	41
PID 1928 wrote to memory of 2856	1928	Unicorn-6956.exe	40
PID 2696 wrote to memory of 1636	2696	Unicorn-64801.exe	41
PID 1928 wrote to memory of 2856	1928	Unicorn-6956.exe	40
PID 2696 wrote to memory of 1636	2696	Unicorn-64801.exe	41
PID 2192 wrote to memory of 860	2192	Unicorn-53104.exe	42
PID 2192 wrote to memory of 860	2192	Unicorn-53104.exe	42
PID 2192 wrote to memory of 860	2192	Unicorn-53104.exe	42
PID 2192 wrote to memory of 860	2192	Unicorn-53104.exe	42
PID 2960 wrote to memory of 2332	2960	Unicorn-21255.exe	43
PID 2960 wrote to memory of 2332	2960	Unicorn-21255.exe	43
PID 2960 wrote to memory of 2332	2960	Unicorn-21255.exe	43
PID 2960 wrote to memory of 2332	2960	Unicorn-21255.exe	43
PID 3052 wrote to memory of 1980	3052	39f78137bfe2fc3c358fef2300767d40N.exe	44
PID 3052 wrote to memory of 1980	3052	39f78137bfe2fc3c358fef2300767d40N.exe	44
PID 3052 wrote to memory of 1980	3052	39f78137bfe2fc3c358fef2300767d40N.exe	44
PID 3052 wrote to memory of 1980	3052	39f78137bfe2fc3c358fef2300767d40N.exe	44
PID 1144 wrote to memory of 1808	1144	Unicorn-45178.exe	45
PID 1144 wrote to memory of 1808	1144	Unicorn-45178.exe	45
PID 1144 wrote to memory of 1808	1144	Unicorn-45178.exe	45
PID 1144 wrote to memory of 1808	1144	Unicorn-45178.exe	45

C:\Users\Admin\AppData\Local\Temp\39f78137bfe2fc3c358fef2300767d40N.exe
"C:\Users\Admin\AppData\Local\Temp\39f78137bfe2fc3c358fef2300767d40N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54804.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29034.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40565.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43632.exe
        7⤵
        
        PID:844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 244
        8⤵
        Program crash
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1276.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51445.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        8⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28117.exe
        7⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16718.exe
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51885.exe
        7⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56997.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7316
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 236
        6⤵
        Program crash
        
        PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36163.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        6⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 244
        7⤵
        Program crash
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43032.exe
        6⤵
        
        PID:3792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 244
        6⤵
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65043.exe
        5⤵
        
        PID:596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 224
        6⤵
        Program crash
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31383.exe
        5⤵
        
        PID:4048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 248
        5⤵
        Program crash
        
        PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50393.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 220
        6⤵
        Program crash
        
        PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48811.exe
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        7⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
        8⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 228
        8⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 228
        7⤵
        Program crash
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        6⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4989.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45532.exe
        7⤵
        
        PID:7212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 244
        6⤵
        Program crash
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
        5⤵
        
        PID:2064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 224
        6⤵
        Program crash
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20876.exe
        5⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        6⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58464.exe
        6⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        5⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65031.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34077.exe
        5⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        5⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25625.exe
        6⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40716.exe
        7⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9901.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 248
        7⤵
        Program crash
        
        PID:4616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 248
        6⤵
        Program crash
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22479.exe
        5⤵
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8572.exe
        6⤵
        
        PID:1032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 248
        6⤵
        Program crash
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50683.exe
        5⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59763.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25474.exe
        6⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53673.exe
        6⤵
        
        PID:8392
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 228
        5⤵
        Program crash
        
        PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26787.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
        5⤵
        
        PID:2308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
        6⤵
        Program crash
        
        PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        5⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60631.exe
        6⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
        6⤵
        
        PID:6220
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 244
        6⤵
        
        PID:6824
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 244
        5⤵
        Program crash
        
        PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
      4⤵
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31186.exe
        5⤵
        
        PID:3364
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 228
        5⤵
        
        PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
      4⤵
      PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39414.exe
        5⤵
        
        PID:8132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61167.exe
      4⤵
      PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
      4⤵
      PID:6328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
      4⤵
      PID:7244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3807.exe
      4⤵
      PID:8032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50206.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45178.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64368.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28562.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55298.exe
        8⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 224
        9⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 248
        8⤵
        Program crash
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        7⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53515.exe
        8⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
        8⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        8⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 244
        7⤵
        Program crash
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9080.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23586.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        8⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7415.exe
        8⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 248
        7⤵
        Program crash
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        6⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35249.exe
        7⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15874.exe
        7⤵
        
        PID:7564
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 248
        6⤵
        Program crash
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58478.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28946.exe
        6⤵
        Executes dropped EXE
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
        8⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59050.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 228
        7⤵
        Program crash
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24825.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43204.exe
        7⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
        7⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53997.exe
        6⤵
        
        PID:3908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 248
        6⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
        5⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33269.exe
        6⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24392.exe
        7⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6426.exe
        7⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exe
        7⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16411.exe
        6⤵
        
        PID:3628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 244
        6⤵
        
        PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-139.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10380.exe
        6⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34215.exe
        6⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        6⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        5⤵
        
        PID:3920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 248
        5⤵
        
        PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
        7⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52301.exe
        8⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39620.exe
        8⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 248
        7⤵
        Program crash
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        6⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44517.exe
        7⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 216
        7⤵
        
        PID:7596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 244
        6⤵
        Program crash
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
        6⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        7⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 228
        7⤵
        Program crash
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
        6⤵
        
        PID:3936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 244
        6⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
        5⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-122.exe
        6⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
        6⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36347.exe
        6⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11548.exe
        6⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
        6⤵
        
        PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29961.exe
        5⤵
        
        PID:3848
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 244
        5⤵
        Program crash
        
        PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        6⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37483.exe
        7⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        8⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 228
        8⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        7⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 244
        7⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        6⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        7⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 228
        7⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
        6⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe
        6⤵
        
        PID:5640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 244
        6⤵
        
        PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63891.exe
        5⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4030.exe
        6⤵
        
        PID:4928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 248
        6⤵
        
        PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58112.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
        5⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2296.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51024.exe
        5⤵
        
        PID:7588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3984.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23949.exe
        5⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        6⤵
        
        PID:5040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 228
        6⤵
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10827.exe
        5⤵
        
        PID:3692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 244
        5⤵
        
        PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5506.exe
      4⤵
      PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37279.exe
        5⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
        5⤵
        
        PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20161.exe
        5⤵
        
        PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50752.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
      4⤵
      PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
      4⤵
      PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46832.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14954.exe
      4⤵
      PID:7424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
      4⤵
      PID:7360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 244
        5⤵
        Program crash
        
        PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57710.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        5⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        6⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
        7⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20975.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        6⤵
        
        PID:4068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 244
        6⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24825.exe
        5⤵
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        6⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
        6⤵
        
        PID:7456
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 244
        5⤵
        Program crash
        
        PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
      4⤵
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
        5⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34290.exe
        6⤵
        
        PID:5740
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 216
        6⤵
        
        PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
        5⤵
        
        PID:4088
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 244
        5⤵
        
        PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
      4⤵
      PID:304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54563.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23421.exe
        5⤵
        
        PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28981.exe
        5⤵
        
        PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
      4⤵
      PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26774.exe
      4⤵
      PID:4920
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
      4⤵
      PID:6560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19434.exe
        5⤵
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        6⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe
        7⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
        7⤵
        
        PID:7312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 248
        6⤵
        Program crash
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
        5⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5980.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7415.exe
        6⤵
        
        PID:7632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 244
        5⤵
        Program crash
        
        PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
      4⤵
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-404.exe
        5⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46535.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 228
        6⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11258.exe
        5⤵
        
        PID:3928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 244
        5⤵
        
        PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
      4⤵
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45596.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14262.exe
        5⤵
        
        PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        5⤵
        
        PID:7880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
      4⤵
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
      4⤵
      PID:5028
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
      4⤵
      PID:6576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2720
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
      4⤵
      Program crash
      PID:2824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
    3⤵
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55853.exe
      4⤵
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
        5⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22611.exe
        5⤵
        
        PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        5⤵
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
        5⤵
        
        PID:7680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65036.exe
      4⤵
      PID:3444
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 244
      4⤵
      PID:5288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24869.exe
    3⤵
    PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18689.exe
      4⤵
      PID:6192
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 228
      4⤵
      PID:6772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
    3⤵
    PID:3772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16974.exe
    3⤵
    PID:5180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
    3⤵
    PID:6596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56955.exe
    3⤵
    PID:7528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53104.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53104.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45562.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25713.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42724.exe
        7⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 224
        8⤵
        Program crash
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43499.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 224
        7⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
        6⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27502.exe
        7⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49955.exe
        7⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50494.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        6⤵
        
        PID:3844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        6⤵
        Program crash
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56195.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
        6⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17042.exe
        7⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
        8⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
        8⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 228
        7⤵
        Program crash
        
        PID:4100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
        6⤵
        Program crash
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20973.exe
        5⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34995.exe
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 244
        6⤵
        
        PID:6644
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
        5⤵
        Program crash
        
        PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30735.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9428.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        6⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60651.exe
        7⤵
        
        PID:3208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 228
        7⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21569.exe
        6⤵
        
        PID:3656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
        6⤵
        Program crash
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21924.exe
        5⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49797.exe
        6⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42394.exe
        7⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        7⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        7⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
        6⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10961.exe
        6⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33958.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        5⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
        6⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7415.exe
        6⤵
        
        PID:7624
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 248
        5⤵
        Program crash
        
        PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60859.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1063.exe
        5⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
        6⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
        7⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50680.exe
        7⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10853.exe
        6⤵
        
        PID:5732
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 248
        6⤵
        
        PID:5552
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 248
        5⤵
        Program crash
        
        PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24618.exe
      4⤵
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23804.exe
        5⤵
        
        PID:3756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 220
        6⤵
        Program crash
        
        PID:4984
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 228
        5⤵
        Program crash
        
        PID:4660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23869.exe
      4⤵
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9834.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8536
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 248
      4⤵
      Program crash
      PID:4816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25696.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33881.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        6⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30470.exe
        7⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 228
        7⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48570.exe
        6⤵
        
        PID:3884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 244
        6⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
        5⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60127.exe
        6⤵
        
        PID:4164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 248
        6⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20504.exe
        5⤵
        
        PID:3280
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 248
        5⤵
        
        PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47124.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
        5⤵
        
        PID:3012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 244
        6⤵
        Program crash
        
        PID:3404
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
        5⤵
        Program crash
        
        PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
      4⤵
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
        5⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61868.exe
        6⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39937.exe
        6⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        5⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35550.exe
        5⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42212.exe
        5⤵
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2883.exe
        5⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10274.exe
        5⤵
        
        PID:7704
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 236
      4⤵
      Program crash
      PID:3956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16637.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52926.exe
        5⤵
        
        PID:3020
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 224
        6⤵
        Program crash
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        5⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
        6⤵
        
        PID:8292
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 244
        5⤵
        Program crash
        
        PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57757.exe
      4⤵
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28877.exe
        5⤵
        
        PID:3856
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 248
        5⤵
        Program crash
        
        PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35305.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3765.exe
      4⤵
      PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22285.exe
      4⤵
      PID:6336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-826.exe
      4⤵
      PID:7196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42617.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2388
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 224
      4⤵
      Program crash
      PID:1972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41391.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41391.exe
    3⤵
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13170.exe
      4⤵
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
        5⤵
        
        PID:7780
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 228
        5⤵
        
        PID:8220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
      4⤵
      PID:4304
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 244
      4⤵
      PID:5624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61213.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3336
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 224
      4⤵
      PID:7828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60565.exe
    3⤵
    PID:5452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7211.exe
    3⤵
    PID:7120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46284.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6595.exe
    3⤵
    PID:8004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6956.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6956.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4721.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62770.exe
        6⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        8⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35135.exe
        8⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 244
        8⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6769.exe
        7⤵
        
        PID:3260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 244
        7⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36890.exe
        6⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 224
        7⤵
        Program crash
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42352.exe
        6⤵
        
        PID:4004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 248
        6⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31529.exe
        5⤵
        
        PID:2832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 224
        6⤵
        Program crash
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15011.exe
        5⤵
        
        PID:3312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 224
        6⤵
        
        PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8053.exe
        5⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17011.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3413.exe
        5⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35466.exe
        5⤵
        
        PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16314.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26123.exe
        5⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30607.exe
        6⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 244
        7⤵
        
        PID:6612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
        6⤵
        Program crash
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42645.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 228
        6⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29632.exe
        5⤵
        
        PID:4028
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 248
        5⤵
        
        PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20376.exe
      4⤵
      PID:2108
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 224
        5⤵
        Program crash
        
        PID:888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4545.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe
        5⤵
        
        PID:7664
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 228
        5⤵
        
        PID:8212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59557.exe
      4⤵
      PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6712.exe
      4⤵
      PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
      4⤵
      PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20289.exe
      4⤵
      PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24158.exe
      4⤵
      PID:7520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22567.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32205.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 220
        5⤵
        Program crash
        
        PID:644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11815.exe
      4⤵
      PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
        5⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
        6⤵
        
        PID:5044
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 228
        6⤵
        
        PID:6452
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 228
        5⤵
        Program crash
        
        PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
      4⤵
      PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26747.exe
        5⤵
        
        PID:8564
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 248
      4⤵
      Program crash
      PID:4644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9546.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44374.exe
      4⤵
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37675.exe
        5⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58056.exe
        6⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        6⤵
        
        PID:7708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59805.exe
        5⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26047.exe
        5⤵
        
        PID:5608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 248
        5⤵
        
        PID:6704
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 248
      4⤵
      Program crash
      PID:3320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11820.exe
    3⤵
    PID:2316
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 224
      4⤵
      Program crash
      PID:4180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
    3⤵
    PID:3564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44101.exe
    3⤵
    PID:4628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22815.exe
    3⤵
    PID:6348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
    3⤵
    PID:7236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65144.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65144.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42241.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2216
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
      4⤵
      Program crash
      PID:1484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7186.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
      4⤵
      PID:1428
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 224
        5⤵
        Program crash
        
        PID:3384
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 248
      4⤵
      Program crash
      PID:3284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27470.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65412.exe
      4⤵
      PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42465.exe
        5⤵
        
        PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49702.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4592
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 224
      4⤵
      PID:6416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32535.exe
    3⤵
    PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
    3⤵
    PID:4652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5750.exe
    3⤵
    PID:6364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52324.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51779.exe
      4⤵
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41193.exe
        5⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38443.exe
        6⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-879.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47395.exe
        7⤵
        
        PID:7284
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 248
        6⤵
        Program crash
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25977.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32210.exe
        6⤵
        
        PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62357.exe
        5⤵
        
        PID:4224
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 248
        5⤵
        
        PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1696
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
        5⤵
        Program crash
        
        PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
      4⤵
      PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11591.exe
        5⤵
        
        PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        5⤵
        
        PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44090.exe
        5⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59159.exe
        5⤵
        
        PID:7688
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 248
      4⤵
      Program crash
      PID:4564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40273.exe
    3⤵
    PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13746.exe
      4⤵
      PID:588
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 224
        5⤵
        
        PID:7844
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 248
      4⤵
      Program crash
      PID:3824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39521.exe
    3⤵
    PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
      4⤵
      PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51640.exe
      4⤵
      PID:7340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
    3⤵
    PID:3472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23247.exe
    3⤵
    PID:5696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
    3⤵
    PID:7440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29493.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29493.exe
    3⤵
    PID:7548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43386.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43386.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
    3⤵
    PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53679.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12716.exe
        5⤵
        
        PID:7948
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 228
        5⤵
        
        PID:8196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35809.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4400
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 224
      4⤵
      PID:6424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12934.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12934.exe
    3⤵
    PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45849.exe
      4⤵
      PID:8260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
    3⤵
    PID:4856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
    3⤵
    PID:6408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
    3⤵
    PID:7224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9407.exe
    3⤵
    PID:8080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
  2⤵
  PID:1852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17123.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17123.exe
    3⤵
    PID:3784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
    3⤵
    PID:4864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
    3⤵
    PID:6380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
    3⤵
    PID:7204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe
    3⤵
    PID:7760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2869.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2869.exe
  2⤵
  PID:3984
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 224
    3⤵
    PID:8092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34301.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34301.exe
  2⤵
  PID:4840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
  2⤵
  PID:6356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33027.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33027.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:7252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
  2⤵
  PID:8120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe

Filesize
468KB

MD5
ec7e21dd9ca5baa5ec89c38f3b4b4826

SHA1
2967bd8a2a7d09f41dd5ca44f0c7c7b0b874311d

SHA256
3b7e34a994d3b97af5424837f85e799fdc938ab4eee853324d83dbb40e24b293

SHA512
beb852c8a1afcce84a9a76713c429f08716982b9c375113b39e63a83160cc545d9a167dfa2a753b306ce9da12fbf2f2e54f5a53de3dd6f3903d2ad165536e8de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe

Filesize
468KB

MD5
6e14cbeaa09304678f27f9bdfa0134ac

SHA1
e7d43553398112b253fcb4a76ef0496b9509783f

SHA256
e7f8318f83b3a2d9d96c0b9cd260bd876bee1c9a08b2d3a04220d35ccf3052e5

SHA512
2b9229414aa9afde59e805c34759e6da97efb102919ef97fed04dbea947824613204954b9d8a6baeafc65d6f9cc97b9746cfa77bf58b1be3dae56fc849e87395

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23421.exe

Filesize
468KB

MD5
5949facafff7b84f8316d4ba005d86d7

SHA1
e9104100dc023b29836dd5fab79efb1a9a45e867

SHA256
426dac451c5c174e51d4da1d6e914a62a3c2a16d8e45b228bc290478816c3bca

SHA512
5dbe611233642a6cd27c8ee1fc1d8fbe0bad5f284d9e3571399ef6adbe27bedbc44e4aaf79b89b245f91b098e9b4dae998d0c9dfa77d53bdcfd854caac769a16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe

Filesize
468KB

MD5
08dd86ab278258d83cd3d3086f0e400c

SHA1
ed51ebe9f33fa66d3a0a797625b9e3c63c520e26

SHA256
898785f199cfe347f60681b9f9339cde94becfc0ec05634ca67cf7e4ccf730a1

SHA512
7189158e78fcd201847c712cd69ccf292ae4d6398d81f609666589290f420e6e69f42901a7881413c4a586d7aa72a6b4967133803d24417a31ccb529800a88e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe

Filesize
468KB

MD5
c951072d2e2bc11a871676e1ccdd6d0a

SHA1
edf58c4c64784f18363420188d800e21fe50d1a5

SHA256
e493ac1ed85bf5d68eccf1655a351bb9e611437ce1762b9de02ab14a3e06872c

SHA512
e2c06600a721cfe728bd80a5b44e74fcf9b7f9075c1ce8bde1d9a08da3423dd0c9f5ddd815e7bc55d692f95613f7c549f28a01c7684a59b0da46e1979af7697b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51445.exe

Filesize
468KB

MD5
cef0dabd3c951dc7f0f74c528c7a664b

SHA1
fed7ff9611ee483383916f2fc720bd77fff8a570

SHA256
0f7c16d1032fd2d19e010b606f2112801e52e50579fade0cd1608161f0501334

SHA512
7695251ca8c2c201cdb0d2d0e50563ffda4777af22835591440b05234be255a0e113c3baf16cfe6b362658ac84dbfd0c2d0094eeb84f28f2a6f2b53fe56e6a11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-826.exe

Filesize
468KB

MD5
c124ec05777bb395aa3eb250a4cf266b

SHA1
0ac0180b57215ceab98162424eb77ea06e4d6afe

SHA256
4f98725bd4c3d09b9682c751b2b6dd1953e1be2c81ed8e4e29010e851db34534

SHA512
bfd96755a1949ce24c68c83c3dc26c098884d9259e153feb5c4edb4656a898caf86cc088b0cf66b27606675d66508f21da7941c27104b2df09a2ecbdfd2d43ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe

Filesize
468KB

MD5
164577b849a19c772e9c8a81ddd9f5cc

SHA1
1df8f5ec4aa8d2055e81465fa1ecd893e2fca6d1

SHA256
facc31dde655aa019a96f6aa976b731b43f191c7556e82bbac4717f185da79e5

SHA512
3f171200f08e9ba92a4750f9a3bbea5667c1f51679196ab3f59112890c20b0657eea980b06e8718efaf462d5f23a5356061bf4e0dcd5446a9947115a9aec9ca4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25696.exe

Filesize
468KB

MD5
4b6154d2e5b739b891daf15a2a4dcb7d

SHA1
64278e46adb8fe55e4cd1c4b74358dd44914f246

SHA256
4409e293920392bf8c29efabb67925dfb534e93a53ffd0352e1c187b7f8b3242

SHA512
46d747285c405a1e0a934ed16483d5963ab4d626a4af912dd234ef227280a66e92bd1b27919d16f564967b2c8e11a0ab0cb32cf710cc48d848dd64fae2b808ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe

Filesize
468KB

MD5
f1bcfba73ce4bb180ef9d9870b895d55

SHA1
7c09dd8f7da37dfa5d06caed29f0c201999c14ad

SHA256
5deb8ba04f33b0c19025f3570242f92eef15945fb15fca0dad85e07e3fd74424

SHA512
a9d5a5620323fa79eeedbfeac5c140bd9f4124a424476814b40eb949e7db3d70d7010bf31b3df42610155ac0c02f2660e7af3124e0f7d5d3ecb1e41a4df643d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29034.exe

Filesize
468KB

MD5
ff684061eb69dcb457152e1f7b25643d

SHA1
b7da3f4d625c10e7c499d6631cf52d95fa2463c7

SHA256
1e7c97bbc8752f8946f4a3ae5cdd09c1628d5bee11904d787bea1807fbfb0e50

SHA512
32897ccf378dd4c026cb3b901da61810df5b649f485f9e79412185ae8c8a61cd21ac4299460bd9a6171261eab81a13e118c3d09a598c805eef1aac215301d7eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45178.exe

Filesize
468KB

MD5
232ef22df828a3441c5fc46755edca51

SHA1
6ad309fc98533dd6a3967b872288540ccca7d412

SHA256
81d3bb92d66a363a1a035928e65d5bbe02401001c618d6199b970597e2922d38

SHA512
3f16c55cb41d1bebbee81395b2ffbc22f65fbed7efa38bbc8241e5718df52144c4c4428de51b0b20513b2aa0ccfe8d1ee15e80084fdd6ed266ddf225fa800b1b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45562.exe

Filesize
468KB

MD5
7cfbba876874dd8390f37591fbaf2940

SHA1
944dc5b1aede488f2049f7ee6200b043bedc8db9

SHA256
1816873fd375ae37b46cf74ba5341cd52d249f069b1113a966e04e0fa1c79551

SHA512
73d0e6115885f4c1650079a3dc04fbfb8ce53e025e0a04387617e2be4ea403f7be89a10f50b244333039dbd7635679cbf02f89eecc863c9fafbe6a057cb237a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4721.exe

Filesize
468KB

MD5
7027d65a1af769001b549f311517030c

SHA1
e63a487e500fcdad338c6e4e41fd665b4105e841

SHA256
024126ff310846fdf899320973ebf8c1ed1da93443c76b1b8d03aaa32c45deab

SHA512
82709471a164fe3eba3557da055b8b8288f11e2e6474b328fd7878f67b7bc045e7100d57e017977e8c5ad8569e53173df877cc7b49000d06afc62629f27c8732

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe

Filesize
468KB

MD5
7c4711bf49ed4b1cf061bc0db63aeb80

SHA1
6d2daf4231b03853fe042d3e8542d8b25f4f6999

SHA256
de44a7eb50e567622f0c15b406112c86d902d852a0a4efdc8a10ecd8c2fd2e09

SHA512
aad9cdf9c9a4e22273b8f377d971c83098ecf27b07b4d54b1b89e05c9cc1be5743f6d9d01ea9c1338ad3e12cd146638416cc62158ae86982449aeabb2ae65ceb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50206.exe

Filesize
468KB

MD5
33c1b2a4ce35441413355fb6116d46bf

SHA1
aabfe7e1ee3be17352698d1130c4651f9ad76ad6

SHA256
bdbc17cf7bba954c707ac500ac53566f4f0c9e2750fbc22d863938e6875e09f6

SHA512
b505b00af714460fe001a982b326a6a5d3d2dbab255a1f5e763f85ced6757e6d3dd361e0f9342307b98493a14cb95dfa7d444c46ae4d41361dd2405b8f356bb2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50393.exe

Filesize
468KB

MD5
2c537bb95ff39222afc99dd59e2d55e1

SHA1
57af4a8b57a5c5ed080a67ac1cc87e2ec9a0f260

SHA256
6d392fbc642277b6ebd794a12aad53e73b701e12570e51ceed27423d6d0b5b06

SHA512
9b9f4438506fb7e0528533a9f90a0e1630f05e06eb6362462327ec5e1c98dd86d86f59890e60044c8e59b5944686bde6c3389e3be59760aabfddfb4b6bac5128

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53104.exe

Filesize
468KB

MD5
df1bbbf77ef744a98364ce05a5f05ba9

SHA1
325836b04ac5b69f697bac58fb9bc53296c9efa1

SHA256
e977bdb6eb5cbf4496a3adb253747142efa58f7d3a730bc7d19dcbfed4c6946c

SHA512
d573cf4564a9e4321a16f8a668870b37129c2da7981fb1622727aec8ac611dcbfe4703c24cb3ff2593b55697c7aaca740c2bd61b2425ab2f79630bd0b78e3cdf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54804.exe

Filesize
468KB

MD5
b7d5eaa1f75a7c0754d7f74647a58036

SHA1
d541939c8dbd8f47531dc78fe162cb6f22bb2d51

SHA256
23f5a6bc35811d953f4b8802bcdc854717b5d20b9a112914053a30dc2c4c9fcc

SHA512
1522887c9083fd7fd7788df5d2dae3bf9ec8c64be3c917c5956423b2b10ce4b6ae0477d77caeec507369bb3bd83e08e92ff00ec206d8e622467798d3d89d4056

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe

Filesize
468KB

MD5
205c26c7808d02a50e4db6fa2af7f99e

SHA1
d0b85ace259076e507879f3a468270bddd80079e

SHA256
575757bc1e1f5ea87df2bd937f411bdabfdb3547e75bc2eebfddb77ff7ba209e

SHA512
42ec55d8be3342dbcb5ba400e0ec3c5e5ddc92e47847255c64886db9715663491f0fdf3f973909650bb3ef0002e4d3514d17e771ca0db07b9c2ca2dd04f5bcea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64368.exe

Filesize
468KB

MD5
cd67a8a7a6eb6667afb7d322301299f3

SHA1
002295d292dbd8f153dbff748568677c1e169f83

SHA256
e120e724776fa4805760207fd7dab823c4d4a2efe1a96387e4811f02bfbdec98

SHA512
c670a15ddbebc86aa500ada0db53bd8e7f569bb82b5d98e726a4ff27fc06df6cb58689cc36c24b231806e15f0e216f0cb8dc0a22fa6ab2f173bfa4966d44468b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe

Filesize
468KB

MD5
b19d45fcc9edb051460570941947e887

SHA1
701309e34100cf4104c5b24eeca6065f976d83cb

SHA256
a53da56f31983a116c349fb49cd8904b9915c88c8dd45a6bc18d793e2f1d793b

SHA512
716344b8b14a0f5e3bc8e1a019b41ee45d2ae007a1079793b92dd7c8216d8cbbc1922c2cae8dd08c315c2bcbc000d6c074a0483154a79fc3d8a164ac577ed21a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6956.exe

Filesize
468KB

MD5
71ac1f75a0c81fb133e49a40330ff949

SHA1
945728d9be3f51226ac48919e2aac6ce91ed440d

SHA256
97bab501cb0351ca33a034e122949c9b5f2442b0269b2cfdd03f42c6aeb73b8d

SHA512
64ab9ed7fb26c111cb0a9cfc0662aa9caf078be8e23db7b7eb9abaf7945d45df3098d3b18be072208447f2c77f3cd75ffd825f699143c4f02f5c50ac46d807fb

Download Submit