4ebeb46a6f9d32d1b65eb0a6ab0a82c685eb0ef1ef1f05a0453ac5ee5eb2e353

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 13:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e3e683ac3103d2784ff347fb746d5ab0N.exe
Size

184KB
MD5

e3e683ac3103d2784ff347fb746d5ab0
SHA1

12dd7c654677c84f8f45adc208a6f8cc2b61a784
SHA256

4ebeb46a6f9d32d1b65eb0a6ab0a82c685eb0ef1ef1f05a0453ac5ee5eb2e353
SHA512

602873bfac5c6c86dbf7400bf6b86b0a6292c5f8f3b077072def23292725667507c65034ba3d2d8f5e46e7a68239288aeaa41e2fb9656f23b04832ef46069fbb
SSDEEP

3072:CohQP8oTV3KudFaWe3CLq5sqPlnViFYn3:CoVocqFaMLqsqPlnViFY

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1888	Unicorn-31064.exe
2920	Unicorn-62833.exe
2960	Unicorn-34799.exe
3060	Unicorn-59107.exe
1128	Unicorn-26989.exe
2792	Unicorn-17883.exe
2604	Unicorn-34637.exe
2320	Unicorn-15368.exe
2080	Unicorn-40619.exe
2896	Unicorn-60485.exe
832	Unicorn-8243.exe
2444	Unicorn-33494.exe
2436	Unicorn-12135.exe
2372	Unicorn-15897.exe
2104	Unicorn-57252.exe
2368	Unicorn-57252.exe
2088	Unicorn-53682.exe
2476	Unicorn-4844.exe
2176	Unicorn-205.exe
672	Unicorn-37708.exe
1180	Unicorn-49214.exe
2068	Unicorn-45130.exe
604	Unicorn-21180.exe
1736	Unicorn-29946.exe
1496	Unicorn-38114.exe
1120	Unicorn-42473.exe
2560	Unicorn-14439.exe
956	Unicorn-26137.exe
960	Unicorn-50449.exe
2776	Unicorn-42281.exe
2952	Unicorn-14247.exe
2680	Unicorn-59961.exe
2712	Unicorn-55877.exe
2744	Unicorn-36011.exe
2668	Unicorn-36011.exe
2652	Unicorn-43433.exe
1308	Unicorn-15399.exe
2552	Unicorn-9691.exe
2760	Unicorn-10376.exe
2304	Unicorn-56048.exe
1080	Unicorn-27180.exe
2016	Unicorn-19287.exe
1856	Unicorn-31901.exe
1084	Unicorn-14626.exe
1576	Unicorn-59743.exe
760	Unicorn-40439.exe
1328	Unicorn-16489.exe
2036	Unicorn-8321.exe
824	Unicorn-8321.exe
1156	Unicorn-20019.exe
2004	Unicorn-33017.exe
1724	Unicorn-52883.exe
2260	Unicorn-40247.exe
1600	Unicorn-27995.exe
2564	Unicorn-15743.exe
2816	Unicorn-61414.exe
2676	Unicorn-12021.exe
2828	Unicorn-35971.exe
2840	Unicorn-31887.exe
2424	Unicorn-15550.exe
1344	Unicorn-53054.exe
2136	Unicorn-45182.exe
1532	Unicorn-41460.exe
2252	Unicorn-20102.exe

Loads dropped DLL 64 IoCs

pid	Process
2984	e3e683ac3103d2784ff347fb746d5ab0N.exe
2984	e3e683ac3103d2784ff347fb746d5ab0N.exe
1888	Unicorn-31064.exe
2984	e3e683ac3103d2784ff347fb746d5ab0N.exe
1888	Unicorn-31064.exe
2984	e3e683ac3103d2784ff347fb746d5ab0N.exe
2920	Unicorn-62833.exe
2920	Unicorn-62833.exe
1888	Unicorn-31064.exe
1888	Unicorn-31064.exe
2960	Unicorn-34799.exe
2960	Unicorn-34799.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
2164	WerFault.exe
1128	Unicorn-26989.exe
1128	Unicorn-26989.exe
3060	Unicorn-59107.exe
3060	Unicorn-59107.exe
2920	Unicorn-62833.exe
2920	Unicorn-62833.exe
2792	Unicorn-17883.exe
2792	Unicorn-17883.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
2604	Unicorn-34637.exe
2604	Unicorn-34637.exe
1128	Unicorn-26989.exe
1128	Unicorn-26989.exe
2080	Unicorn-40619.exe
2080	Unicorn-40619.exe
3060	Unicorn-59107.exe
3060	Unicorn-59107.exe
2320	Unicorn-15368.exe
2896	Unicorn-60485.exe
2320	Unicorn-15368.exe
2896	Unicorn-60485.exe
1536	WerFault.exe
1536	WerFault.exe
1536	WerFault.exe
1536	WerFault.exe
1536	WerFault.exe
624	WerFault.exe
624	WerFault.exe
624	WerFault.exe
624	WerFault.exe
624	WerFault.exe
2544	WerFault.exe
2544	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
940	2984	WerFault.exe	29
1924	2960	WerFault.exe	32
2164	1888	WerFault.exe	30
2864	2792	WerFault.exe	36
2992	2920	WerFault.exe	31
1536	2896	WerFault.exe	42
624	1128	WerFault.exe	35
2544	3060	WerFault.exe	34
1516	2604	WerFault.exe	39
2240	2080	WerFault.exe	41
660	2320	WerFault.exe	40
2996	2176	WerFault.exe	56
2152	832	WerFault.exe	45
2708	2436	WerFault.exe	47
2040	2368	WerFault.exe	50
1072	2372	WerFault.exe	48
2112	2104	WerFault.exe	49
2116	2444	WerFault.exe	46
1480	2476	WerFault.exe	55
2212	672	WerFault.exe	57
2772	2068	WerFault.exe	59
3040	1180	WerFault.exe	58
2392	2776	WerFault.exe	70
1704	1736	WerFault.exe	61
1772	1496	WerFault.exe	62
1640	604	WerFault.exe	60
968	2088	WerFault.exe	54
2248	2560	WerFault.exe	67
1876	956	WerFault.exe	68
1520	2744	WerFault.exe	75
1548	2552	WerFault.exe	78
2924	1120	WerFault.exe	66
2480	1308	WerFault.exe	77
2556	960	WerFault.exe	69
1932	2304	WerFault.exe	80
3352	2564	WerFault.exe	103
3416	1080	WerFault.exe	84
3512	2680	WerFault.exe	72
3528	2760	WerFault.exe	79
3560	2712	WerFault.exe	73
3852	1156	WerFault.exe	97
3860	1344	WerFault.exe	108
3892	1856	WerFault.exe	90
3920	2828	WerFault.exe	104
3948	2676	WerFault.exe	105
4036	1600	WerFault.exe	101
4060	824	WerFault.exe	96
4084	1724	WerFault.exe	98
3100	1576	WerFault.exe	92
3084	760	WerFault.exe	93
3324	2868	WerFault.exe	148
3728	1328	WerFault.exe	94
3752	2936	WerFault.exe	124
3956	1500	WerFault.exe	121
4052	2652	WerFault.exe	76
4076	2252	WerFault.exe	119
3836	1784	WerFault.exe	120
3208	2460	WerFault.exe	122
3204	2952	WerFault.exe	71
3580	2672	WerFault.exe	126
3768	2036	WerFault.exe	95
3784	2668	WerFault.exe	74
3736	2424	WerFault.exe	107
3888	2004	WerFault.exe	99

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64269.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11316.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40978.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55426.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23029.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50205.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52883.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2984	e3e683ac3103d2784ff347fb746d5ab0N.exe
1888	Unicorn-31064.exe
2920	Unicorn-62833.exe
2960	Unicorn-34799.exe
1128	Unicorn-26989.exe
3060	Unicorn-59107.exe
2792	Unicorn-17883.exe
2604	Unicorn-34637.exe
2320	Unicorn-15368.exe
2080	Unicorn-40619.exe
2896	Unicorn-60485.exe
832	Unicorn-8243.exe
2444	Unicorn-33494.exe
2436	Unicorn-12135.exe
2104	Unicorn-57252.exe
2368	Unicorn-57252.exe
2372	Unicorn-15897.exe
2088	Unicorn-53682.exe
2476	Unicorn-4844.exe
672	Unicorn-37708.exe
2176	Unicorn-205.exe
1180	Unicorn-49214.exe
2068	Unicorn-45130.exe
1736	Unicorn-29946.exe
1496	Unicorn-38114.exe
604	Unicorn-21180.exe
1120	Unicorn-42473.exe
2560	Unicorn-14439.exe
956	Unicorn-26137.exe
960	Unicorn-50449.exe
2776	Unicorn-42281.exe
2952	Unicorn-14247.exe
2680	Unicorn-59961.exe
2744	Unicorn-36011.exe
2712	Unicorn-55877.exe
1308	Unicorn-15399.exe
2668	Unicorn-36011.exe
2304	Unicorn-56048.exe
2552	Unicorn-9691.exe
2760	Unicorn-10376.exe
2652	Unicorn-43433.exe
1080	Unicorn-27180.exe
2016	Unicorn-19287.exe
1856	Unicorn-31901.exe
1084	Unicorn-14626.exe
1576	Unicorn-59743.exe
1156	Unicorn-20019.exe
1724	Unicorn-52883.exe
2260	Unicorn-40247.exe
2004	Unicorn-33017.exe
760	Unicorn-40439.exe
1328	Unicorn-16489.exe
824	Unicorn-8321.exe
2036	Unicorn-8321.exe
1600	Unicorn-27995.exe
2564	Unicorn-15743.exe
2816	Unicorn-61414.exe
2424	Unicorn-15550.exe
2840	Unicorn-31887.exe
2828	Unicorn-35971.exe
2676	Unicorn-12021.exe
1344	Unicorn-53054.exe
2136	Unicorn-45182.exe
1532	Unicorn-41460.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 1888	2984	e3e683ac3103d2784ff347fb746d5ab0N.exe	30
PID 2984 wrote to memory of 1888	2984	e3e683ac3103d2784ff347fb746d5ab0N.exe	30
PID 2984 wrote to memory of 1888	2984	e3e683ac3103d2784ff347fb746d5ab0N.exe	30
PID 2984 wrote to memory of 1888	2984	e3e683ac3103d2784ff347fb746d5ab0N.exe	30
PID 1888 wrote to memory of 2920	1888	Unicorn-31064.exe	31
PID 1888 wrote to memory of 2920	1888	Unicorn-31064.exe	31
PID 1888 wrote to memory of 2920	1888	Unicorn-31064.exe	31
PID 1888 wrote to memory of 2920	1888	Unicorn-31064.exe	31
PID 2984 wrote to memory of 2960	2984	e3e683ac3103d2784ff347fb746d5ab0N.exe	32
PID 2984 wrote to memory of 2960	2984	e3e683ac3103d2784ff347fb746d5ab0N.exe	32
PID 2984 wrote to memory of 2960	2984	e3e683ac3103d2784ff347fb746d5ab0N.exe	32
PID 2984 wrote to memory of 2960	2984	e3e683ac3103d2784ff347fb746d5ab0N.exe	32
PID 2984 wrote to memory of 940	2984	e3e683ac3103d2784ff347fb746d5ab0N.exe	33
PID 2984 wrote to memory of 940	2984	e3e683ac3103d2784ff347fb746d5ab0N.exe	33
PID 2984 wrote to memory of 940	2984	e3e683ac3103d2784ff347fb746d5ab0N.exe	33
PID 2984 wrote to memory of 940	2984	e3e683ac3103d2784ff347fb746d5ab0N.exe	33
PID 2920 wrote to memory of 3060	2920	Unicorn-62833.exe	34
PID 2920 wrote to memory of 3060	2920	Unicorn-62833.exe	34
PID 2920 wrote to memory of 3060	2920	Unicorn-62833.exe	34
PID 2920 wrote to memory of 3060	2920	Unicorn-62833.exe	34
PID 1888 wrote to memory of 1128	1888	Unicorn-31064.exe	35
PID 1888 wrote to memory of 1128	1888	Unicorn-31064.exe	35
PID 1888 wrote to memory of 1128	1888	Unicorn-31064.exe	35
PID 1888 wrote to memory of 1128	1888	Unicorn-31064.exe	35
PID 2960 wrote to memory of 2792	2960	Unicorn-34799.exe	36
PID 2960 wrote to memory of 2792	2960	Unicorn-34799.exe	36
PID 2960 wrote to memory of 2792	2960	Unicorn-34799.exe	36
PID 2960 wrote to memory of 2792	2960	Unicorn-34799.exe	36
PID 2960 wrote to memory of 1924	2960	Unicorn-34799.exe	37
PID 2960 wrote to memory of 1924	2960	Unicorn-34799.exe	37
PID 2960 wrote to memory of 1924	2960	Unicorn-34799.exe	37
PID 2960 wrote to memory of 1924	2960	Unicorn-34799.exe	37
PID 1888 wrote to memory of 2164	1888	Unicorn-31064.exe	38
PID 1888 wrote to memory of 2164	1888	Unicorn-31064.exe	38
PID 1888 wrote to memory of 2164	1888	Unicorn-31064.exe	38
PID 1888 wrote to memory of 2164	1888	Unicorn-31064.exe	38
PID 1128 wrote to memory of 2604	1128	Unicorn-26989.exe	39
PID 1128 wrote to memory of 2604	1128	Unicorn-26989.exe	39
PID 1128 wrote to memory of 2604	1128	Unicorn-26989.exe	39
PID 1128 wrote to memory of 2604	1128	Unicorn-26989.exe	39
PID 3060 wrote to memory of 2320	3060	Unicorn-59107.exe	40
PID 3060 wrote to memory of 2320	3060	Unicorn-59107.exe	40
PID 3060 wrote to memory of 2320	3060	Unicorn-59107.exe	40
PID 3060 wrote to memory of 2320	3060	Unicorn-59107.exe	40
PID 2920 wrote to memory of 2080	2920	Unicorn-62833.exe	41
PID 2920 wrote to memory of 2080	2920	Unicorn-62833.exe	41
PID 2920 wrote to memory of 2080	2920	Unicorn-62833.exe	41
PID 2920 wrote to memory of 2080	2920	Unicorn-62833.exe	41
PID 2792 wrote to memory of 2896	2792	Unicorn-17883.exe	42
PID 2792 wrote to memory of 2896	2792	Unicorn-17883.exe	42
PID 2792 wrote to memory of 2896	2792	Unicorn-17883.exe	42
PID 2792 wrote to memory of 2896	2792	Unicorn-17883.exe	42
PID 2792 wrote to memory of 2864	2792	Unicorn-17883.exe	43
PID 2792 wrote to memory of 2864	2792	Unicorn-17883.exe	43
PID 2792 wrote to memory of 2864	2792	Unicorn-17883.exe	43
PID 2792 wrote to memory of 2864	2792	Unicorn-17883.exe	43
PID 2920 wrote to memory of 2992	2920	Unicorn-62833.exe	44
PID 2920 wrote to memory of 2992	2920	Unicorn-62833.exe	44
PID 2920 wrote to memory of 2992	2920	Unicorn-62833.exe	44
PID 2920 wrote to memory of 2992	2920	Unicorn-62833.exe	44
PID 2604 wrote to memory of 832	2604	Unicorn-34637.exe	45
PID 2604 wrote to memory of 832	2604	Unicorn-34637.exe	45
PID 2604 wrote to memory of 832	2604	Unicorn-34637.exe	45
PID 2604 wrote to memory of 832	2604	Unicorn-34637.exe	45

C:\Users\Admin\AppData\Local\Temp\e3e683ac3103d2784ff347fb746d5ab0N.exe
"C:\Users\Admin\AppData\Local\Temp\e3e683ac3103d2784ff347fb746d5ab0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31064.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31064.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62833.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52883.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        10⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40481.exe
        12⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18494.exe
        13⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5756.exe
        14⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31585.exe
        15⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
        14⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
        13⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
        12⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        11⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 220
        10⤵
        Program crash
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34527.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
        10⤵
        Program crash
        
        PID:3324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        9⤵
        Program crash
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33017.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29796.exe
        10⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34975.exe
        11⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
        12⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
        13⤵
        
        PID:9528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 236
        13⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 236
        12⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 236
        11⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 216
        10⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
        9⤵
        Program crash
        
        PID:3888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 240
        8⤵
        Program crash
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36011.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20953.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
        10⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55426.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19537.exe
        12⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28013.exe
        13⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        14⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
        13⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        12⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
        11⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
        10⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51762.exe
        9⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3101.exe
        10⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        11⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51750.exe
        12⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25503.exe
        13⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
        12⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 236
        11⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
        10⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
        9⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58072.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20860.exe
        9⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47066.exe
        10⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51742.exe
        11⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29493.exe
        12⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27802.exe
        13⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
        13⤵
        
        PID:9824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
        12⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 236
        11⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
        10⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48773.exe
        9⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37383.exe
        10⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62025.exe
        11⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 216
        11⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 236
        10⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 220
        9⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
        8⤵
        Program crash
        
        PID:3784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
        7⤵
        Program crash
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10376.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27995.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        9⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65078.exe
        10⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21862.exe
        12⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17724.exe
        13⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
        13⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 236
        12⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
        11⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
        10⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
        9⤵
        Program crash
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        8⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        9⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19054.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1965.exe
        11⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9840.exe
        12⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31393.exe
        13⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
        12⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
        11⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
        10⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
        9⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
        8⤵
        Program crash
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60615.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58083.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46350.exe
        10⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59425.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23526.exe
        12⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
        12⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
        11⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 236
        10⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
        9⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 216
        8⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 240
        7⤵
        Program crash
        
        PID:1640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
        6⤵
        Program crash
        
        PID:660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
        8⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6043.exe
        9⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32022.exe
        10⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23029.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29838.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50588.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 236
        13⤵
        
        PID:9252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
        12⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 236
        11⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
        10⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        9⤵
        Program crash
        
        PID:3208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 216
        8⤵
        Program crash
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5384.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64035.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46106.exe
        10⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23979.exe
        11⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45990.exe
        12⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
        12⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
        11⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
        10⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
        9⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 216
        8⤵
        Program crash
        
        PID:4060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
        7⤵
        Program crash
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56048.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50205.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30548.exe
        8⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12883.exe
        9⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
        10⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
        11⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
        12⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 216
        12⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
        11⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
        10⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
        9⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
        8⤵
        Program crash
        
        PID:3580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        7⤵
        Program crash
        
        PID:1932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
        6⤵
        Program crash
        
        PID:1072
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12135.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42281.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46417.exe
        9⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39723.exe
        10⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
        11⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35681.exe
        12⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22716.exe
        13⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53432.exe
        14⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
        13⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 236
        12⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
        11⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 236
        10⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
        9⤵
        Program crash
        
        PID:3352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
        8⤵
        Program crash
        
        PID:2392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
        7⤵
        Program crash
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14247.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20019.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        8⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
        9⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39282.exe
        10⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
        11⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        12⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7656.exe
        13⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
        12⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 240
        11⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
        10⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
        9⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 236
        8⤵
        Program crash
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
        7⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        8⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
        9⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43984.exe
        10⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41237.exe
        11⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 236
        11⤵
        
        PID:10124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
        10⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
        9⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
        8⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        7⤵
        Program crash
        
        PID:3204
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        6⤵
        Program crash
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37708.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50449.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        8⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
        9⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        12⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
        13⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
        12⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
        11⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
        10⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
        9⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 216
        8⤵
        Program crash
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46396.exe
        7⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        8⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11835.exe
        10⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44563.exe
        11⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6556.exe
        12⤵
        
        PID:9880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 216
        11⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        10⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
        9⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
        8⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
        7⤵
        Program crash
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10106.exe
        7⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16776.exe
        8⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64938.exe
        9⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3558.exe
        10⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20225.exe
        11⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
        11⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
        10⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 236
        9⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        8⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
        7⤵
        Program crash
        
        PID:3768
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 240
        6⤵
        Program crash
        
        PID:2212
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        5⤵
        Program crash
        
        PID:2240
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26989.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34637.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8243.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53682.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42473.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49157.exe
        9⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32873.exe
        10⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        11⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        12⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
        13⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 236
        13⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        12⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        11⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 216
        10⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
        9⤵
        Program crash
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        8⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35063.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11570.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
        11⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34236.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4724.exe
        13⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
        12⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 236
        11⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        10⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 236
        9⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
        8⤵
        Program crash
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29396.exe
        8⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        10⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55193.exe
        11⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6706.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 236
        12⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        11⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        10⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 216
        9⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 236
        8⤵
        Program crash
        
        PID:3728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        7⤵
        Program crash
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14439.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45182.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        9⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48742.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40289.exe
        11⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
        13⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
        13⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
        12⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        11⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
        10⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
        9⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
        10⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40978.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60982.exe
        12⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14532.exe
        13⤵
        
        PID:9932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 236
        12⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
        11⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
        10⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
        9⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 216
        8⤵
        Program crash
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        7⤵
        Program crash
        
        PID:2248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 240
        6⤵
        Program crash
        
        PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4844.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26137.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        8⤵
        Executes dropped EXE
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49977.exe
        10⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48265.exe
        11⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        12⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        13⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
        13⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
        12⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        11⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
        10⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 216
        9⤵
        Program crash
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9338.exe
        8⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51057.exe
        10⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10800.exe
        11⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36629.exe
        12⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
        11⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
        10⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
        9⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
        8⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53521.exe
        7⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41249.exe
        10⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50450.exe
        11⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46037.exe
        12⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
        12⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        11⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        10⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
        9⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
        8⤵
        Program crash
        
        PID:3956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
        7⤵
        Program crash
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31901.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        7⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
        9⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36589.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38857.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6789.exe
        12⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 216
        12⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
        11⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 236
        10⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        9⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 236
        8⤵
        Program crash
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57486.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
        9⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3200.exe
        10⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38429.exe
        11⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55897.exe
        12⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
        11⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
        10⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
        9⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
        8⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
        7⤵
        Program crash
        
        PID:3892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
        6⤵
        Program crash
        
        PID:1480
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
        5⤵
        Program crash
        
        PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33494.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29946.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43433.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35971.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        10⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38374.exe
        11⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30734.exe
        13⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
        13⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        12⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 236
        11⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
        10⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
        9⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
        9⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
        10⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
        11⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16909.exe
        12⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
        12⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        11⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
        10⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
        9⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
        8⤵
        Program crash
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21315.exe
        7⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49977.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16252.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18629.exe
        10⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
        11⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 236
        11⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
        10⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
        9⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
        8⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        7⤵
        Program crash
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
        7⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60802.exe
        8⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51534.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13125.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:8220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
        11⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
        10⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        9⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 236
        8⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        7⤵
        Program crash
        
        PID:3948
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
        6⤵
        Program crash
        
        PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15399.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63220.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28130.exe
        8⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19869.exe
        9⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
        11⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 236
        11⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        10⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        9⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        8⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3988.exe
        7⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55042.exe
        8⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
        9⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
        10⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        11⤵
        
        PID:9784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
        10⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        9⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
        8⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
        7⤵
        
        PID:4612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 236
        6⤵
        Program crash
        
        PID:2480
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        5⤵
        Program crash
        
        PID:2116
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:624
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34799.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34799.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17883.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17883.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15550.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21145.exe
        9⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13459.exe
        10⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41799.exe
        11⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17734.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        13⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
        13⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
        12⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 236
        11⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 216
        10⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
        9⤵
        Program crash
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54180.exe
        8⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26563.exe
        10⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
        12⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 200
        13⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 216
        12⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        11⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
        10⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 216
        9⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        8⤵
        Program crash
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53054.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        9⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
        10⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63748.exe
        12⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56151.exe
        13⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 236
        13⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 236
        12⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 236
        11⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        10⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
        9⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 236
        8⤵
        Program crash
        
        PID:3860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
        7⤵
        Program crash
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36011.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        8⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34741.exe
        9⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48742.exe
        10⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16122.exe
        11⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38805.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        13⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
        14⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
        14⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
        13⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
        12⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        11⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 216
        10⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36852.exe
        9⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11316.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        11⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17734.exe
        12⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20271.exe
        13⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
        12⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 236
        11⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
        10⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        9⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        8⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
        9⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55094.exe
        10⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4988.exe
        11⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
        12⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
        12⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
        11⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 236
        10⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 216
        9⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 240
        8⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26084.exe
        7⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
        8⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15384.exe
        9⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52816.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
        11⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
        12⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 236
        12⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
        11⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
        10⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 216
        9⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
        8⤵
        Program crash
        
        PID:3752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        7⤵
        Program crash
        
        PID:1520
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
        6⤵
        Program crash
        
        PID:2040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1536
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2864
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1924
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
  2⤵
  - Program crash
  PID:940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10376.exe

Filesize
184KB

MD5
4df4396d8133dae68dec1fe871f55f50

SHA1
69fc68db646978e2c282b3a18980fba280466ff1

SHA256
22db5ccf1bb0ebce7fe29714f7f3f78b4c99f108e0f88836ba38d581eeb9b0df

SHA512
3ce8938efe61b7703312d7e8f95754f50f8e03c94ffd7852d008afe6276128844042bc40cf506967537bdf252b8c374cad29fc1f42d04c3425f2496dc37fecc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe

Filesize
184KB

MD5
f359ef8f86ae459f0ff794c11b25b91b

SHA1
aac993c1a7cce51c2f0c66ecc57f457817bf0318

SHA256
a9d3ca9396772d3fc5558008aae4626b43db83fe313528f4ccf3db5da0b8ea3b

SHA512
31bfe018af267449210ad460a71cd87391b73d465c9c003d0fcfcf904fdbda54afba4e8acea0281c3529cccf73910c554df68ff67555ff820c7a54dd09bdd0e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe

Filesize
184KB

MD5
6fc4998ba7788286210dc231f5b9e417

SHA1
c0875c58eab8dfc8ea324fd7e85d138ffd78521b

SHA256
864e2b8d16fffbfccbc36d331934389ada04903be392cf34535cab4fcf89ec38

SHA512
bfe9a22f3c60d430081146ccebe9c158c6f1787e2526e73a54e83afe6d1dc63a38115dd1c81a86236c905bca264be06513e44922944c316ee414f8b7f1fa5266

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15368.exe

Filesize
184KB

MD5
a31ef0ffb95182817dbe2abbbbc088cd

SHA1
a28bc395d14338c3b2c83a247f20a0e6b7e71ff6

SHA256
8a9490c936ea1433a0f7aff1157a55cf79d9f2d24828d36b0c0d6c2f9838b028

SHA512
42f81d01b13013acafb1167ddeb512ab515268e0448ec81ea0654989784ccb10d97d167732e0ea57e36a9023e96d6a5816ff63f042d541e55836e8e1605bc9b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17883.exe

Filesize
184KB

MD5
bb14ec1f00f98e6529fbffd3fc2944e1

SHA1
f42e77ec16621623c356f7d8e23cf729b2364f28

SHA256
376eaab66cbdaa733e3ba52e143e5200b4303f833f5458568b80d5ac29b3dd00

SHA512
c10955c13cf525313f81bd33a13bc3673def2ec70370c147e34f9157d6d0dd64dff6e9aebe7efd97095cbe902d3cd452226ca130fa62587ad806f786a13b5c08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22716.exe

Filesize
184KB

MD5
922dac59bafa96687f46afdb415a3bcc

SHA1
c849cd6d0f871db90b310a2cf864d0b6f779885b

SHA256
4060e5d732c1165736baceeaf32b7d216447abb31c3a5385e6fb5b4aab66faeb

SHA512
6c6218ffb54bcb2ee903aad83da4f3ac035547bfbf65f504684914dc92fd6849e932b5a6f6cd3a2cdacc8c8b3599eb15acfc6f9fdb4713f08451d4eacab6567a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33494.exe

Filesize
184KB

MD5
e4a1cb150a8bae68af021628cef81832

SHA1
62cfeefda77f3bf0d6a51c8fd10fc5bd7bef7f51

SHA256
8fc7f9e2e2131feda1af4151843a92d425dd808d45281c2683447087b82a4e3c

SHA512
c2657607555775a1a7aa0e2dda5d3c777cefd343eda3a5c91d29101101e474d7f188281a67749a5aeaf2ea3ba921dd14fb4f3094f3c0667d35031e4c2c8afcdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34637.exe

Filesize
184KB

MD5
95ee52852f9dbbe98831f0f4cd13dcbc

SHA1
d86f29e44c36ee1daf46eca02eced2c8b53adebb

SHA256
8306801453b22bef055bfacc796498a5b760235e6ce91354b2a5d471a6c85211

SHA512
1d956175cdae5cef426ce5b828fdf67065c1b8991c417b68717c41d7de73164533cb24638ca88460f41c60891d3b0fe13d1f8c9b6213ce26c53c35c799d1a945

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe

Filesize
184KB

MD5
e053624390e15df503000bf2c99d2051

SHA1
a2ad59e078854fad223f1be42ed1759678f9653d

SHA256
db44578a5ce5e42d69df7a6e517788af31a0e304b82f7d92a776b8927fde8255

SHA512
5d99bd84c3716adcad8c3a43d9244900abfc20f8f78a4c0384e9acabba57fd93ed36190e2395f1b1a9cef2eb354ed6f87afad5ee8fbe6b8d0c18576ba7599c42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40978.exe

Filesize
184KB

MD5
b2e88fe8b6956b6f0d474456693284a4

SHA1
0e86b6b85a0f02546e9d33adfc801760de11823c

SHA256
708553b2dd95f7bb3f28ea22eec0dd26ff9153cb95669f6f3f06ac6762f2e17a

SHA512
d68e3bd5f4272545ee116dbedad3059be1510059080509a429f397c8e88148c2105835651cd3705c1d71c5900737f5230ab97ad463ed7c85ab4686c41004166d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe

Filesize
184KB

MD5
8e45d05f86c82b4df7fdb8a983e793ef

SHA1
9ac39293cbad33e62b4b9a7454bbe67a458f757a

SHA256
b48bc093fa6d598ddec1eac4465b457622a9d8026608b9e294279066c92b3647

SHA512
6f83d5a544ef0f1ae146e183d1847d0dfc1490c7b308aad0e0a5ec4b05967fe5600e635d211d1f03dd29e3657b45e89541e793afeca28c9aa6044b5f8b9f9451

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26989.exe

Filesize
184KB

MD5
628d71ecb4484721dfe32428c43cc516

SHA1
ed7cdfb957c24f6d1df3ed6558c129e3708c51ba

SHA256
945516b5a63950b6cd1ed3c583d8b0357062695fdd1b892690b01f974600cc84

SHA512
39bbce0258736ee83ca59bb38b1359c9ee755267384ebb3658211588f43a139f53b4205c9fa47a7f29b4be3d51986115467e175f2122f8219637ef06cdf63327

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31064.exe

Filesize
184KB

MD5
c52ba612b8f5b64bca307d765d9669d5

SHA1
a5f816b3de5c8616f3fe505e036b7ebb7a54e535

SHA256
6896982d5536d68e492caede8e44cdc8e153858d64a6f7588433a1ed37c1c5f0

SHA512
f79afcb68fe773ead3c168a1bfa984216179b3cec8308b1e9000e961b9eb9a3558c97ef5ea6b98a7376dd6921f46b0574948f2c91dc6f571878d6b492dda5490

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34799.exe

Filesize
184KB

MD5
c8b3f0b95e9feb7ecf225e99a079ba2b

SHA1
b9d773eaa6d0764aad4a20f9aac8d0d147b93edc

SHA256
64b8196d8046bcf2603189a7379d92902de5395ddf4700a0db91b91e8263c2a3

SHA512
08caeb99abec78b160ea0c6b855c2122a7797177d3925087657c0eac564dd838ffc011f53351e7e47c6dde4351817260ba31fdd009c8f4354006ccfbd818509f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe

Filesize
184KB

MD5
dee5dee46275e3d734cd044786d2672f

SHA1
81061e256969b348036365fcbd52e86ea0d6d958

SHA256
0079da77e271957ed4b5c9035a43ef5df7b4a4c83219a564d99d4ba7340e32c0

SHA512
64054890085e0fcfb65d768c38cc4cf510cd5557e5bdebfa24c8507ec995c3adf8e30ea801a419e5566b23f1f883c2bc132b8358e56d5ba4beaaf44731da73a1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe

Filesize
184KB

MD5
14bd4e798dfff70e59925317ed4e2868

SHA1
5bd0d9fc98fa4a7df91d1a27105b02f187b3c999

SHA256
4540f89cb1afd0d35b8f2dcbaeb62a26ab9ea67b3ee3c7f2dfb65fd9323aec43

SHA512
9eab7e41cadc7999754119694d2f3c0de49eedba30fc2a21c02f64dff58f04516089132910fcbba4a49fc2ecebffc4513e296d8822aeb06c97015e91dde9614d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62833.exe

Filesize
184KB

MD5
70b7877603245288bb90834e58f1ee09

SHA1
15196696bddd8e0ef08e2ba636abe29501e90929

SHA256
15adccd33b5f4156f4f19ae2a89bbcfd561d2fe801174f29fa02b7f4dfb1fbed

SHA512
b7431fc48f183d6353479e1b34e5e2669b05cc18767f4f7ec9b0b8862d274876b8b844d98e90c209f86ec3772cd511a4aef0e5671bc0472258576578999a9609

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8243.exe

Filesize
184KB

MD5
b78508fc0f5f8cd938bb3ca99af07491

SHA1
3d6d07b3312f4fef2a89ab47f8e89d1c007815be

SHA256
989b96031ff2f691808f45afa3228e6afdac791324a907fbf3973bd3b870de86

SHA512
9ec9232dfc97c27c40b52b2dca0c47099cf2d3c8cb680a51c75aa6e6fa9588bc814e4099a18feb679a6fa3b5288b443b18282e74ab7b1e474ec7f3a81f66bff5

Download Submit