5d012b4bb1a5d730146a2fe50d527ad62f7c7bc9102b5ff9513f3c0c890c3edf

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-09-2024 18:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f5a500ee3ee3235d57356498f9e6580N.exe
Size

468KB
MD5

1f5a500ee3ee3235d57356498f9e6580
SHA1

02b41fe977c4c0c15045a98f10a2e520881b0338
SHA256

5d012b4bb1a5d730146a2fe50d527ad62f7c7bc9102b5ff9513f3c0c890c3edf
SHA512

4bf3bb5618dc9df134e718d589d7666b637c7332ab1fa2b9066764635b12ebfcb1777f996bf9d7e2ea1c5ffab8acdf2b38fa5f3c2c320734f722c7e30ea2662c
SSDEEP

3072:UTANoSCVId5UtbY2Pzt7cf8/SCMvegpwVmHeev5QPKD8i7uCQ8lj:UTqoQbUtlPJ7cfScQ5PKwouCQ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2652	Unicorn-54519.exe
2500	Unicorn-6470.exe
2664	Unicorn-29583.exe
2832	Unicorn-24992.exe
2968	Unicorn-52189.exe
2808	Unicorn-37244.exe
2740	Unicorn-47450.exe
2644	Unicorn-58515.exe
2772	Unicorn-56469.exe
2776	Unicorn-39776.exe
2944	Unicorn-40041.exe
1956	Unicorn-29735.exe
2928	Unicorn-9869.exe
2876	Unicorn-9869.exe
1804	Unicorn-45277.exe
1800	Unicorn-29303.exe
440	Unicorn-42947.exe
1188	Unicorn-50850.exe
680	Unicorn-29325.exe
1612	Unicorn-58005.exe
1100	Unicorn-37493.exe
832	Unicorn-4720.exe
1688	Unicorn-10850.exe
556	Unicorn-64690.exe
348	Unicorn-16881.exe
1816	Unicorn-35909.exe
3068	Unicorn-20202.exe
1824	Unicorn-10549.exe
1500	Unicorn-29578.exe
1400	Unicorn-32916.exe
1604	Unicorn-34953.exe
2888	Unicorn-51.exe
3008	Unicorn-28016.exe
276	Unicorn-52521.exe
2120	Unicorn-10933.exe
2824	Unicorn-14255.exe
2756	Unicorn-31354.exe
2768	Unicorn-4446.exe
2796	Unicorn-43606.exe
2688	Unicorn-5266.exe
2584	Unicorn-25132.exe
3036	Unicorn-64026.exe
2612	Unicorn-60497.exe
1992	Unicorn-45552.exe
2896	Unicorn-43506.exe
2092	Unicorn-42022.exe
2316	Unicorn-35246.exe
1044	Unicorn-48266.exe
2608	Unicorn-48001.exe
304	Unicorn-25708.exe
684	Unicorn-19577.exe
2548	Unicorn-10356.exe
652	Unicorn-46512.exe
676	Unicorn-29661.exe
1308	Unicorn-49527.exe
1724	Unicorn-7517.exe
2932	Unicorn-33553.exe
1368	Unicorn-53419.exe
1584	Unicorn-31364.exe
2260	Unicorn-31629.exe
2380	Unicorn-58826.exe
752	Unicorn-52049.exe
1596	Unicorn-35613.exe
2376	Unicorn-27353.exe

Loads dropped DLL 64 IoCs

pid	Process
1924	1f5a500ee3ee3235d57356498f9e6580N.exe
1924	1f5a500ee3ee3235d57356498f9e6580N.exe
2652	Unicorn-54519.exe
2652	Unicorn-54519.exe
1924	1f5a500ee3ee3235d57356498f9e6580N.exe
1924	1f5a500ee3ee3235d57356498f9e6580N.exe
2500	Unicorn-6470.exe
2500	Unicorn-6470.exe
2652	Unicorn-54519.exe
2652	Unicorn-54519.exe
2664	Unicorn-29583.exe
2664	Unicorn-29583.exe
1924	1f5a500ee3ee3235d57356498f9e6580N.exe
1924	1f5a500ee3ee3235d57356498f9e6580N.exe
2968	Unicorn-52189.exe
2968	Unicorn-52189.exe
2652	Unicorn-54519.exe
2652	Unicorn-54519.exe
1924	1f5a500ee3ee3235d57356498f9e6580N.exe
2832	Unicorn-24992.exe
1924	1f5a500ee3ee3235d57356498f9e6580N.exe
2832	Unicorn-24992.exe
2664	Unicorn-29583.exe
2500	Unicorn-6470.exe
2808	Unicorn-37244.exe
2808	Unicorn-37244.exe
2500	Unicorn-6470.exe
2664	Unicorn-29583.exe
764	WerFault.exe
764	WerFault.exe
764	WerFault.exe
764	WerFault.exe
764	WerFault.exe
764	WerFault.exe
764	WerFault.exe
764	WerFault.exe
764	WerFault.exe
2644	Unicorn-58515.exe
2644	Unicorn-58515.exe
2968	Unicorn-52189.exe
2968	Unicorn-52189.exe
2772	Unicorn-56469.exe
2772	Unicorn-56469.exe
2652	Unicorn-54519.exe
2652	Unicorn-54519.exe
2928	Unicorn-9869.exe
2928	Unicorn-9869.exe
2664	Unicorn-29583.exe
2664	Unicorn-29583.exe
2876	Unicorn-9869.exe
2876	Unicorn-9869.exe
2500	Unicorn-6470.exe
2944	Unicorn-40041.exe
2500	Unicorn-6470.exe
2944	Unicorn-40041.exe
2832	Unicorn-24992.exe
2832	Unicorn-24992.exe
1956	Unicorn-29735.exe
1956	Unicorn-29735.exe
1276	WerFault.exe
1276	WerFault.exe
1276	WerFault.exe
1276	WerFault.exe
1276	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
764	2740	WerFault.exe	37
1276	2776	WerFault.exe	41
3004	680	WerFault.exe	50
2992	1400	WerFault.exe	62
3044	2664	WerFault.exe	33
1432	1972	WerFault.exe	138
2852	1596	WerFault.exe	97
1812	3012	WerFault.exe	123
1532	2784	WerFault.exe	109
1932	1124	WerFault.exe	114
3268	2752	WerFault.exe	106
4040	2624	WerFault.exe	144
4032	2488	WerFault.exe	139
4008	1964	WerFault.exe	110
3984	556	WerFault.exe	55
3972	2608	WerFault.exe	81
4048	1808	WerFault.exe	117
4060	1656	WerFault.exe	129
4076	956	WerFault.exe	135
3448	2928	WerFault.exe	43
3612	2824	WerFault.exe	69
3736	1824	WerFault.exe	60
3700	276	WerFault.exe	67
3776	440	WerFault.exe	48
3616	3068	WerFault.exe	59
3804	2804	WerFault.exe	103
3800	304	WerFault.exe	83
3796	1652	WerFault.exe	122
3216	1356	WerFault.exe	118
4304	3024	WerFault.exe	142
4808	1608	WerFault.exe	141
4908	1564	WerFault.exe	140
5064	2572	WerFault.exe	104
4284	3064	WerFault.exe	160
4668	2400	WerFault.exe	115
4636	2548	WerFault.exe	85
4792	1992	WerFault.exe	77
4796	684	WerFault.exe	84
4784	676	WerFault.exe	87
4572	1936	WerFault.exe	111
4500	2376	WerFault.exe	98
4584	1248	WerFault.exe	108
4432	1584	WerFault.exe	93
4480	1804	WerFault.exe	46
4420	2380	WerFault.exe	95
4644	752	WerFault.exe	96
4888	3008	WerFault.exe	65
4868	2612	WerFault.exe	76
4884	2628	WerFault.exe	128
5092	2724	WerFault.exe	100
5228	2436	WerFault.exe	132
5236	1044	WerFault.exe	82
5272	852	WerFault.exe	136
5304	2044	WerFault.exe	134
5476	1488	WerFault.exe	102
5468	2848	WerFault.exe	101
5996	1560	WerFault.exe	121
5188	1476	WerFault.exe	148
5936	628	WerFault.exe	153
5168	2424	WerFault.exe	157
5760	2900	WerFault.exe	161
5772	1344	WerFault.exe	191
5812	1256	WerFault.exe	167
6064	2360	WerFault.exe	159

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63969.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23558.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48898.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1924	1f5a500ee3ee3235d57356498f9e6580N.exe
2652	Unicorn-54519.exe
2500	Unicorn-6470.exe
2664	Unicorn-29583.exe
2832	Unicorn-24992.exe
2968	Unicorn-52189.exe
2808	Unicorn-37244.exe
2740	Unicorn-47450.exe
2644	Unicorn-58515.exe
2776	Unicorn-39776.exe
2876	Unicorn-9869.exe
2944	Unicorn-40041.exe
2772	Unicorn-56469.exe
2928	Unicorn-9869.exe
1956	Unicorn-29735.exe
1804	Unicorn-45277.exe
1800	Unicorn-29303.exe
440	Unicorn-42947.exe
1188	Unicorn-50850.exe
680	Unicorn-29325.exe
1612	Unicorn-58005.exe
1100	Unicorn-37493.exe
832	Unicorn-4720.exe
1688	Unicorn-10850.exe
556	Unicorn-64690.exe
348	Unicorn-16881.exe
3068	Unicorn-20202.exe
1816	Unicorn-35909.exe
1824	Unicorn-10549.exe
1500	Unicorn-29578.exe
1400	Unicorn-32916.exe
1604	Unicorn-34953.exe
2888	Unicorn-51.exe
3008	Unicorn-28016.exe
276	Unicorn-52521.exe
2120	Unicorn-10933.exe
2824	Unicorn-14255.exe
2756	Unicorn-31354.exe
2768	Unicorn-4446.exe
2796	Unicorn-43606.exe
2584	Unicorn-25132.exe
2688	Unicorn-5266.exe
3036	Unicorn-64026.exe
2612	Unicorn-60497.exe
1992	Unicorn-45552.exe
2896	Unicorn-43506.exe
2092	Unicorn-42022.exe
2316	Unicorn-35246.exe
2608	Unicorn-48001.exe
1044	Unicorn-48266.exe
304	Unicorn-25708.exe
684	Unicorn-19577.exe
2548	Unicorn-10356.exe
676	Unicorn-29661.exe
652	Unicorn-46512.exe
1724	Unicorn-7517.exe
1308	Unicorn-49527.exe
1584	Unicorn-31364.exe
2260	Unicorn-31629.exe
1368	Unicorn-53419.exe
2932	Unicorn-33553.exe
2380	Unicorn-58826.exe
752	Unicorn-52049.exe
1596	Unicorn-35613.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2652	1924	1f5a500ee3ee3235d57356498f9e6580N.exe	31
PID 1924 wrote to memory of 2652	1924	1f5a500ee3ee3235d57356498f9e6580N.exe	31
PID 1924 wrote to memory of 2652	1924	1f5a500ee3ee3235d57356498f9e6580N.exe	31
PID 1924 wrote to memory of 2652	1924	1f5a500ee3ee3235d57356498f9e6580N.exe	31
PID 2652 wrote to memory of 2500	2652	Unicorn-54519.exe	32
PID 2652 wrote to memory of 2500	2652	Unicorn-54519.exe	32
PID 2652 wrote to memory of 2500	2652	Unicorn-54519.exe	32
PID 2652 wrote to memory of 2500	2652	Unicorn-54519.exe	32
PID 1924 wrote to memory of 2664	1924	1f5a500ee3ee3235d57356498f9e6580N.exe	33
PID 1924 wrote to memory of 2664	1924	1f5a500ee3ee3235d57356498f9e6580N.exe	33
PID 1924 wrote to memory of 2664	1924	1f5a500ee3ee3235d57356498f9e6580N.exe	33
PID 1924 wrote to memory of 2664	1924	1f5a500ee3ee3235d57356498f9e6580N.exe	33
PID 2500 wrote to memory of 2832	2500	Unicorn-6470.exe	34
PID 2500 wrote to memory of 2832	2500	Unicorn-6470.exe	34
PID 2500 wrote to memory of 2832	2500	Unicorn-6470.exe	34
PID 2500 wrote to memory of 2832	2500	Unicorn-6470.exe	34
PID 2652 wrote to memory of 2968	2652	Unicorn-54519.exe	35
PID 2652 wrote to memory of 2968	2652	Unicorn-54519.exe	35
PID 2652 wrote to memory of 2968	2652	Unicorn-54519.exe	35
PID 2652 wrote to memory of 2968	2652	Unicorn-54519.exe	35
PID 2664 wrote to memory of 2808	2664	Unicorn-29583.exe	36
PID 2664 wrote to memory of 2808	2664	Unicorn-29583.exe	36
PID 2664 wrote to memory of 2808	2664	Unicorn-29583.exe	36
PID 2664 wrote to memory of 2808	2664	Unicorn-29583.exe	36
PID 1924 wrote to memory of 2740	1924	1f5a500ee3ee3235d57356498f9e6580N.exe	37
PID 1924 wrote to memory of 2740	1924	1f5a500ee3ee3235d57356498f9e6580N.exe	37
PID 1924 wrote to memory of 2740	1924	1f5a500ee3ee3235d57356498f9e6580N.exe	37
PID 1924 wrote to memory of 2740	1924	1f5a500ee3ee3235d57356498f9e6580N.exe	37
PID 2968 wrote to memory of 2644	2968	Unicorn-52189.exe	38
PID 2968 wrote to memory of 2644	2968	Unicorn-52189.exe	38
PID 2968 wrote to memory of 2644	2968	Unicorn-52189.exe	38
PID 2968 wrote to memory of 2644	2968	Unicorn-52189.exe	38
PID 2740 wrote to memory of 764	2740	Unicorn-47450.exe	39
PID 2740 wrote to memory of 764	2740	Unicorn-47450.exe	39
PID 2740 wrote to memory of 764	2740	Unicorn-47450.exe	39
PID 2740 wrote to memory of 764	2740	Unicorn-47450.exe	39
PID 2652 wrote to memory of 2772	2652	Unicorn-54519.exe	40
PID 2652 wrote to memory of 2772	2652	Unicorn-54519.exe	40
PID 2652 wrote to memory of 2772	2652	Unicorn-54519.exe	40
PID 2652 wrote to memory of 2772	2652	Unicorn-54519.exe	40
PID 1924 wrote to memory of 2776	1924	1f5a500ee3ee3235d57356498f9e6580N.exe	41
PID 1924 wrote to memory of 2776	1924	1f5a500ee3ee3235d57356498f9e6580N.exe	41
PID 1924 wrote to memory of 2776	1924	1f5a500ee3ee3235d57356498f9e6580N.exe	41
PID 1924 wrote to memory of 2776	1924	1f5a500ee3ee3235d57356498f9e6580N.exe	41
PID 2832 wrote to memory of 2944	2832	Unicorn-24992.exe	42
PID 2832 wrote to memory of 2944	2832	Unicorn-24992.exe	42
PID 2832 wrote to memory of 2944	2832	Unicorn-24992.exe	42
PID 2832 wrote to memory of 2944	2832	Unicorn-24992.exe	42
PID 2808 wrote to memory of 1956	2808	Unicorn-37244.exe	45
PID 2808 wrote to memory of 1956	2808	Unicorn-37244.exe	45
PID 2808 wrote to memory of 1956	2808	Unicorn-37244.exe	45
PID 2808 wrote to memory of 1956	2808	Unicorn-37244.exe	45
PID 2500 wrote to memory of 2876	2500	Unicorn-6470.exe	44
PID 2500 wrote to memory of 2876	2500	Unicorn-6470.exe	44
PID 2500 wrote to memory of 2876	2500	Unicorn-6470.exe	44
PID 2500 wrote to memory of 2876	2500	Unicorn-6470.exe	44
PID 2664 wrote to memory of 2928	2664	Unicorn-29583.exe	43
PID 2664 wrote to memory of 2928	2664	Unicorn-29583.exe	43
PID 2664 wrote to memory of 2928	2664	Unicorn-29583.exe	43
PID 2664 wrote to memory of 2928	2664	Unicorn-29583.exe	43
PID 2644 wrote to memory of 1804	2644	Unicorn-58515.exe	46
PID 2644 wrote to memory of 1804	2644	Unicorn-58515.exe	46
PID 2644 wrote to memory of 1804	2644	Unicorn-58515.exe	46
PID 2644 wrote to memory of 1804	2644	Unicorn-58515.exe	46

C:\Users\Admin\AppData\Local\Temp\1f5a500ee3ee3235d57356498f9e6580N.exe
"C:\Users\Admin\AppData\Local\Temp\1f5a500ee3ee3235d57356498f9e6580N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24992.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43606.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
        9⤵
        
        PID:956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 220
        10⤵
        Program crash
        
        PID:4076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 216
        9⤵
        Program crash
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27352.exe
        8⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7415.exe
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        9⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 224
        9⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63257.exe
        8⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56180.exe
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23233.exe
        8⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 248
        8⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34861.exe
        7⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59273.exe
        8⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 216
        8⤵
        Program crash
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1757.exe
        7⤵
        
        PID:3720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 224
        8⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        7⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18189.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
        7⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        7⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49459.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5266.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        7⤵
        
        PID:1124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 224
        8⤵
        Program crash
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61260.exe
        7⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
        8⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21341.exe
        8⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        7⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
        7⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4864.exe
        7⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20170.exe
        7⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        7⤵
        
        PID:9868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18446.exe
        6⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 220
        7⤵
        Program crash
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57363.exe
        6⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3804.exe
        6⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
        6⤵
        
        PID:5536
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 224
        6⤵
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54997.exe
        8⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
        8⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 220
        8⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39407.exe
        7⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32032.exe
        7⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45390.exe
        7⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28932.exe
        7⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13813.exe
        7⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        6⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 220
        7⤵
        Program crash
        
        PID:4060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 240
        6⤵
        Program crash
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43506.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        6⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10373.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18297.exe
        7⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1529.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54055.exe
        7⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45468.exe
        7⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62285.exe
        7⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        6⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1409.exe
        7⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52899.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21125.exe
        6⤵
        
        PID:5700
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 224
        6⤵
        
        PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
        5⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62651.exe
        6⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9198.exe
        7⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18684.exe
        7⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63309.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 228
        6⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41853.exe
        5⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54315.exe
        6⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32690.exe
        6⤵
        
        PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58369.exe
        5⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
        5⤵
        
        PID:5972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 248
        5⤵
        
        PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37493.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        7⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9662.exe
        8⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33154.exe
        8⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56218.exe
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2955.exe
        8⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4627.exe
        8⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43701.exe
        8⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39407.exe
        7⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 244
        7⤵
        Program crash
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59449.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        7⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 248
        7⤵
        Program crash
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62402.exe
        6⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64266.exe
        6⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28854.exe
        6⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
        6⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57819.exe
        6⤵
        
        PID:8848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42022.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51603.exe
        6⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16383.exe
        7⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        8⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
        8⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8517.exe
        8⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
        7⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
        7⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18180.exe
        7⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55313.exe
        7⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60952.exe
        7⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10141.exe
        7⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
        7⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15592.exe
        6⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14929.exe
        6⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        6⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17225.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7296
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 244
        6⤵
        
        PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8524.exe
        5⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50783.exe
        6⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42063.exe
        7⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24522.exe
        7⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63969.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-678.exe
        6⤵
        
        PID:5952
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 248
        6⤵
        
        PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33990.exe
        5⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25506.exe
        6⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29153.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5652
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 244
        6⤵
        
        PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52346.exe
        5⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30159.exe
        5⤵
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27856.exe
        5⤵
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
        5⤵
        
        PID:8888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4720.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35246.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56289.exe
        6⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        7⤵
        Program crash
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        6⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
        7⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59229.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21513.exe
        6⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        6⤵
        
        PID:5504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 244
        6⤵
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20663.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
        6⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58970.exe
        7⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6491.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1062.exe
        6⤵
        
        PID:5300
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 248
        6⤵
        
        PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64772.exe
        5⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36220.exe
        6⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58764.exe
        5⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12460.exe
        5⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10790.exe
        5⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4114.exe
        5⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50253.exe
        5⤵
        
        PID:8768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
        5⤵
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35620.exe
        6⤵
        
        PID:3328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
        6⤵
        Program crash
        
        PID:5228
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
        5⤵
        Program crash
        
        PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27405.exe
      4⤵
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
        5⤵
        
        PID:4276
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 228
        5⤵
        Program crash
        
        PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33807.exe
      4⤵
      PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43265.exe
      4⤵
      PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19054.exe
      4⤵
      PID:7108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23332.exe
      4⤵
      PID:7916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28949.exe
      4⤵
      PID:8932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52189.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46512.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        8⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 228
        9⤵
        Program crash
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40092.exe
        8⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 248
        8⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        7⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
        8⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
        7⤵
        Program crash
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28552.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 224
        8⤵
        Program crash
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
        7⤵
        
        PID:3696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 240
        7⤵
        Program crash
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        6⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38334.exe
        7⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17285.exe
        7⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 244
        7⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
        6⤵
        
        PID:3260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
        6⤵
        Program crash
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29578.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53331.exe
        7⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60944.exe
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34454.exe
        8⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48268.exe
        8⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21948.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3143.exe
        7⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62083.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59827.exe
        7⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        7⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60767.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
        6⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58347.exe
        7⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2020.exe
        7⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
        7⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50595.exe
        6⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38557.exe
        6⤵
        
        PID:1664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
        6⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7517.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32553.exe
        6⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11203.exe
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
        8⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
        7⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61747.exe
        7⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 216
        7⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53559.exe
        6⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        7⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6220.exe
        6⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48898.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20873.exe
        6⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5453.exe
        6⤵
        
        PID:8732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56792.exe
        5⤵
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
        6⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        7⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 228
        7⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20990.exe
        6⤵
        
        PID:5028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 224
        6⤵
        Program crash
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        5⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
        6⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        6⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8330.exe
        5⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6325.exe
        5⤵
        
        PID:6260
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 244
        5⤵
        
        PID:7920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29303.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32916.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1400
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 240
        6⤵
        Program crash
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33553.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39133.exe
        6⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19061.exe
        7⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16390.exe
        7⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6384.exe
        7⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14382.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        6⤵
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40092.exe
        6⤵
        
        PID:4120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 248
        6⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        5⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11276.exe
        6⤵
        
        PID:5484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 228
        6⤵
        
        PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19703.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61796.exe
        5⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36882.exe
        5⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        5⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49163.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
        5⤵
        
        PID:8528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12874.exe
        6⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39930.exe
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        7⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
        7⤵
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1857.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        6⤵
        
        PID:5156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 236
        6⤵
        
        PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37933.exe
        5⤵
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3116.exe
        6⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
        6⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16961.exe
        6⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2847.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27182.exe
        5⤵
        
        PID:5288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 244
        5⤵
        
        PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55469.exe
        5⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
        6⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52480.exe
        6⤵
        
        PID:5984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 244
        6⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        5⤵
        
        PID:3848
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
        5⤵
        Program crash
        
        PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
      4⤵
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40968.exe
        5⤵
        
        PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4989.exe
        5⤵
        
        PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34261.exe
        5⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        5⤵
        
        PID:9128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6755.exe
      4⤵
      PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
      4⤵
      PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32417.exe
      4⤵
      PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
      4⤵
      PID:7756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
      4⤵
      PID:8372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10365.exe
      4⤵
      PID:8788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42947.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31629.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62926.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60148.exe
        9⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34503.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1062.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        8⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
        8⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        8⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37762.exe
        7⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6604.exe
        7⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56211.exe
        7⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 244
        7⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9864.exe
        6⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20187.exe
        7⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18105.exe
        7⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15727.exe
        7⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 248
        7⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37898.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 244
        6⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58826.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10845.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 224
        7⤵
        Program crash
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        6⤵
        
        PID:4028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
        6⤵
        Program crash
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46324.exe
        5⤵
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
        6⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42482.exe
        6⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62627.exe
        6⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
        6⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60237.exe
        6⤵
        
        PID:9164
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 440 -s 248
        5⤵
        Program crash
        
        PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28016.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52049.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
        6⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        7⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        7⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 224
        7⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22085.exe
        6⤵
        
        PID:3388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 240
        6⤵
        Program crash
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43881.exe
        5⤵
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
        6⤵
        
        PID:4752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1525.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30125.exe
        6⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12249.exe
        6⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1633.exe
        6⤵
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54103.exe
        5⤵
        
        PID:3492
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 248
        5⤵
        Program crash
        
        PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35613.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22247.exe
        5⤵
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3495.exe
        7⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 216
        7⤵
        
        PID:8780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
        6⤵
        Program crash
        
        PID:3796
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
        5⤵
        Program crash
        
        PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3012
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 220
        5⤵
        Program crash
        
        PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14688.exe
        5⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
      4⤵
      PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19046.exe
      4⤵
      PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21810.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
      4⤵
      PID:7224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12580.exe
      4⤵
      PID:8800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
      4⤵
      PID:9576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        5⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
        6⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
        7⤵
        Program crash
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8769.exe
        6⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
        7⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49172.exe
        7⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28306.exe
        7⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13797.exe
        7⤵
        
        PID:9924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1394.exe
        6⤵
        
        PID:3248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 228
        6⤵
        Program crash
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47581.exe
        5⤵
        
        PID:3024
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 220
        6⤵
        Program crash
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53527.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
        5⤵
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
        5⤵
        
        PID:5408
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 248
        5⤵
        
        PID:7748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
      4⤵
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17727.exe
        5⤵
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
        6⤵
        
        PID:4456
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 228
        6⤵
        Program crash
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54841.exe
        5⤵
        
        PID:4648
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 244
        5⤵
        Program crash
        
        PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
      4⤵
      PID:3092
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 224
        5⤵
        
        PID:7444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5396.exe
      4⤵
      PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28220.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43571.exe
      4⤵
      PID:6872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
      4⤵
      PID:7980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64177.exe
      4⤵
      PID:9140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
      4⤵
      PID:9876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27353.exe
      4⤵
      Executes dropped EXE
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15121.exe
        5⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12734.exe
        6⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36610.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48190.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
        6⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13283.exe
        6⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        5⤵
        
        PID:3968
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        5⤵
        Program crash
        
        PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19760.exe
      4⤵
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        5⤵
        
        PID:4124
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 216
        5⤵
        Program crash
        
        PID:5168
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
      4⤵
      Program crash
      PID:3612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57118.exe
    3⤵
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
      4⤵
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40937.exe
        5⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35648.exe
        5⤵
        
        PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29186.exe
        5⤵
        
        PID:9448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
      4⤵
      PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17616.exe
      4⤵
      PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3235.exe
      4⤵
      PID:6940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21399.exe
      4⤵
      PID:7936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3105.exe
      4⤵
      PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14327.exe
      4⤵
      PID:9900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
    3⤵
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3303.exe
      4⤵
      PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
      4⤵
      PID:8976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11096.exe
      4⤵
      PID:9696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63250.exe
    3⤵
    PID:4528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54017.exe
    3⤵
    PID:5492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37971.exe
    3⤵
    PID:6932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37065.exe
    3⤵
    PID:8020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
    3⤵
    PID:9168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26663.exe
    3⤵
    PID:9884
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29583.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29583.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37244.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54343.exe
        7⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 224
        8⤵
        Program crash
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50698.exe
        8⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        8⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        7⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20549.exe
        7⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        7⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2163.exe
        7⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
        6⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60238.exe
        7⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54753.exe
        8⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 216
        8⤵
        Program crash
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        7⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 240
        7⤵
        Program crash
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17159.exe
        6⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 220
        7⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
        6⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        6⤵
        
        PID:4560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 248
        6⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
        6⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12983.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
        8⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 228
        8⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        7⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        7⤵
        Program crash
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21706.exe
        6⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35485.exe
        7⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 228
        7⤵
        Program crash
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
        6⤵
        
        PID:3760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 248
        6⤵
        Program crash
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40704.exe
        5⤵
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21723.exe
        6⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60866.exe
        6⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
        6⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
        6⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34715.exe
        6⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38247.exe
        6⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59008.exe
        5⤵
        
        PID:1148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29232.exe
        5⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        5⤵
        
        PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
        5⤵
        
        PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24467.exe
        5⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52484.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        6⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8790.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        8⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25513.exe
        8⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
        8⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 248
        7⤵
        Program crash
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17513.exe
        6⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36383.exe
        7⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31875.exe
        7⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
        7⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
        7⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
        7⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
        6⤵
        
        PID:3824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 236
        6⤵
        Program crash
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
        5⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
        6⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64133.exe
        7⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61367.exe
        7⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22196.exe
        7⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58541.exe
        6⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21316.exe
        6⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
        6⤵
        
        PID:6500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 220
        6⤵
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30070.exe
        5⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54450.exe
        6⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40993.exe
        6⤵
        
        PID:9004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        6⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14816.exe
        5⤵
        
        PID:5516
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 248
        5⤵
        
        PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19577.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4623.exe
        5⤵
        
        PID:2624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        6⤵
        Program crash
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39407.exe
        5⤵
        
        PID:3104
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 244
        5⤵
        Program crash
        
        PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
      4⤵
      PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57576.exe
        5⤵
        
        PID:4416
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 248
        5⤵
        Program crash
        
        PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4240.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
      4⤵
      PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
      4⤵
      PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38826.exe
      4⤵
      PID:7812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe
      4⤵
      PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38101.exe
      4⤵
      PID:8380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29325.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:680
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 240
        5⤵
        Program crash
        
        PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48121.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
        6⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        7⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40663.exe
        7⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 300
        7⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3035.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        6⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37579.exe
        6⤵
        
        PID:5580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
        6⤵
        
        PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
        5⤵
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57083.exe
        6⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
        6⤵
        
        PID:4604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 224
        6⤵
        
        PID:5412
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 240
        5⤵
        Program crash
        
        PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13978.exe
      4⤵
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59854.exe
        5⤵
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1769.exe
        6⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48012.exe
        6⤵
        
        PID:5192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
        6⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40559.exe
        5⤵
        
        PID:3180
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
        5⤵
        Program crash
        
        PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
      4⤵
      PID:736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29782.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3881.exe
        5⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        5⤵
        
        PID:6908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 188
        6⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        5⤵
        
        PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62799.exe
        5⤵
        
        PID:9892
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
      4⤵
      Program crash
      PID:3448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36061.exe
        5⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9558.exe
        6⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17118.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23780.exe
        7⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        7⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15946.exe
        6⤵
        
        PID:4620
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 224
        6⤵
        Program crash
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42785.exe
        5⤵
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
        6⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10324.exe
        6⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
        5⤵
        
        PID:5728
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 244
        5⤵
        
        PID:6896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
      4⤵
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
        5⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18270.exe
        6⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        6⤵
        
        PID:8508
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 228
        5⤵
        Program crash
        
        PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
      4⤵
      PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60537.exe
        5⤵
        
        PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
        5⤵
        
        PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48759.exe
      4⤵
      PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7800.exe
      4⤵
      PID:6092
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
      4⤵
      PID:6188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4446.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9418.exe
      4⤵
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57607.exe
        5⤵
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36471.exe
        6⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25536.exe
        6⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19819.exe
        6⤵
        
        PID:6832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 228
        6⤵
        
        PID:8132
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
        5⤵
        Program crash
        
        PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34534.exe
      4⤵
      PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24987.exe
        5⤵
        
        PID:4388
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 228
        5⤵
        Program crash
        
        PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe
      4⤵
      PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45957.exe
      4⤵
      PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53418.exe
      4⤵
      PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43291.exe
      4⤵
      PID:7728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5157.exe
      4⤵
      PID:8320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
      4⤵
      PID:8708
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 244
    3⤵
    - Program crash
    PID:3044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47450.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47450.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39776.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39776.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2776
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20202.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20202.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
      4⤵
      PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16051.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32251.exe
        5⤵
        
        PID:5624
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 224
        5⤵
        
        PID:6492
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 236
      4⤵
      Program crash
      PID:3800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5562.exe
    3⤵
    PID:1268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
      4⤵
      PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
      4⤵
      PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
      4⤵
      PID:6420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
      4⤵
      PID:8140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
      4⤵
      PID:8856
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 220
    3⤵
    - Program crash
    PID:3616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12407.exe
    3⤵
    PID:2488
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
      4⤵
      Program crash
      PID:4032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39407.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3132
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
    3⤵
    - Program crash
    PID:4636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59046.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59046.exe
  2⤵
  PID:1608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36009.exe
    3⤵
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
      4⤵
      PID:8160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
      4⤵
      PID:8936
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 228
    3⤵
    - Program crash
    PID:4808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20852.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20852.exe
  2⤵
  PID:3204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37867.exe
    3⤵
    PID:3304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26356.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4700
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 244
    3⤵
    PID:6072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9207.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9207.exe
  2⤵
  PID:3820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21954.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21954.exe
  2⤵
  PID:4548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
  2⤵
  PID:5596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exe
  2⤵
  PID:7848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
  2⤵
  PID:8340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe
  2⤵
  PID:8452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1769.exe

Filesize
468KB

MD5
2e8ae5fb201e7246d32e46c59ec91b9d

SHA1
b93fafcea85095ed5dfb1b293155e17652c90ead

SHA256
94bad666072f48a967c594b6fb9aa81cb1ca802e9c8f447927f2c70639084a96

SHA512
0fdadf92216f0b8114bdc984372ba5803f1044e35fd8eaca207d6a1dd342e07f10462a4141ef2ba143649c5a9bf012a3b51e19ba28c27cbbb132e9e41887fa92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27405.exe

Filesize
468KB

MD5
3e7ec71ab08862d90978d5009741f64f

SHA1
699e897a5b584045209b447fc78515da0d382830

SHA256
a059bae23ea99ed070af056c793765df175d5e35e470b80bbadd99cc7374fcb1

SHA512
a82e7c017e7ad882e8bd9868eab2164cf7533c2a24b0504f0050aa50e67e6f34b60906e7c0411c04649bb10d31bc3531a172dde5bafeaebf8e52d286ec92e618

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37244.exe

Filesize
468KB

MD5
07a5becbd94b4d9ab4d4488930e4372c

SHA1
cfc7ed2933d7f84bd895fcc65e0e03a034b7d2a0

SHA256
5f305449bd3d5305030bf97b4977794a15b703861854191888d051d117ed8585

SHA512
a436c5f1279620b50227a1a7b23053a3e0e0f733bd244a224a4861796fe54d94c38678dcd01d38f499ff0e4f2bb0a03334b9b2c9cb891cbfba5919619449d346

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe

Filesize
468KB

MD5
d5455a69551726a44bec1b4a12689184

SHA1
c02b162ce448ad31cdd00c54ccd7e0220475fe53

SHA256
7758d3b75a3b484c8476d4cd7b2806220db3ab2a2abd602ff00863e15bd69339

SHA512
bd1a315c06178b40724de1d909b4d1f4d4be78ecc44e213a26839534891284d3bea0f01259a8a0e7e0f9bb5abcc181938300647f29b87c9587c65c444edbf190

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe

Filesize
468KB

MD5
ec4d612dfa019fc5e9d176f2c9044555

SHA1
9eb5e5b4aea25dd1cc770b9432bd36488faa44fb

SHA256
d23c4812c6eedfa8af5dfb064da4b299237d1195c6ccf7ca9054f050b7030056

SHA512
e7b7eea60b5d954601c3b539ccbf7ff28ee093d897363b7e12b1a085cd0bec28c70a3c0961f39d949551155d435ccb2c8a8413598ef94ceee95d3b87d95aba22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe

Filesize
468KB

MD5
3827dce90aa8fc206754f87e7f6550f0

SHA1
3201379b36308a47b6403cd46697cf3a833b53b9

SHA256
d42a28c67cf5564ecdaaa7193fdd30d4306b7f1cfa2ccfd6419cabc501268455

SHA512
50088d5edb885a5fb7260841f76e926613bf3914ba32ba7490a871631e4d8d62e613234406ade6ed3ccce995f3f71fbaf85b9cc27334eac984a3d5cdbacb5d0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe

Filesize
468KB

MD5
1bf432c901570190a538ac94d871c789

SHA1
979486f5b180b69394f83fd59bbe241afca8e054

SHA256
982b750ea7062a018b71fd6ecb15b8540f63c0b6a4ce67fe77b315b5f4b0d2a2

SHA512
417d4f3261eb6de3bab6a8cd7f67e9b8bce23e4a76f67858fdd431cd1785765e7ac495832c559c085441ebd74270e8244a6b4022a3cc40cc3af65b6457daa884

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24992.exe

Filesize
468KB

MD5
62031ef0f363fda92219a21f112997af

SHA1
589206c2e43f6ad009e3b37667ab1c4a84e2c307

SHA256
68e741f059d234f8f334b40b7d8ee405a6902f87b5e4af9fd8eb0aa872570c23

SHA512
79b2c627b9b69c02eb572f9573ea6da89d1a1c23dec11912ddbb1a146d29004f5e01ad266a4255bb07c48104fcfe20cce578f0ecc7e905c8d84f7d34361b05da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29583.exe

Filesize
468KB

MD5
a3362812c3f3ce5b8be9fa4574cc8bd4

SHA1
72fa2f9538e64967008d116e31df4b61d0d0117b

SHA256
ff1d578acc01244397381401e22243ca365f5cc9818087d617a67b441e0dc119

SHA512
b34b6d6235b4ecc28b5d21d7af07bb9cef300fab165b5c1eb147605761dd16e86747bc0c8b6f02e565f3c5b535e2622d065bc80ad8399d036316be1f22f0f399

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe

Filesize
468KB

MD5
cb6cc9e3c9c3066a6185af48315f1c57

SHA1
9c0e7503ce273c8d41528d57543ca4aa54d63373

SHA256
6c34ebc9adef850954aedf1e274e99ada06ad5211a419f0950f324c8ee86a055

SHA512
ff22a6494ff2cc62df3069254a4dd29ada5ae048f74b3deb3a584c882448924ebfd7ba28d1cfd978ae2c1391c9f1c4302d977b0302da4a3bfc34eb0a8807a91f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39776.exe

Filesize
468KB

MD5
0f1ac20015f96b5aa8e58b51e6aea8f2

SHA1
49b214944f7e149163a9a4b942c6826fafa6b0db

SHA256
22928a12aca6d6462a17774dc1f0569956dc73fc3765344fe63841b3ce75d300

SHA512
5d874454c76b34c7af2418bf59f7a40dc651f7686e258bb4006c4f004e6312ddccdc1b08e2d3a42bbcb552d98080f16809ff3e1ce06d16c64fbcb6b61c277965

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe

Filesize
468KB

MD5
e0403346d738b459d8adece4a1dcef34

SHA1
dace8327e681f011fdc6554f2bc3ef2935a8aaa6

SHA256
b7abe6f940633d8d43526fbecf940f1fa0809f95001c1925373770c3504f097c

SHA512
84d07e760a32217e549e93813795f5be20aa8ccdb42ff7967b10b59c8ec5c8f96afe75d3e27c687e8eba15b60287fdaeba1799bd6b8db3813064743352c12d69

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe

Filesize
468KB

MD5
2c5bc5d0e66babbbef1be904ec308066

SHA1
2ad4f515a3a300e852de0a6e25b5eb8e97fa4933

SHA256
606a723013ee3d62ca697a878f5a53c0cb37df13d495d86a07ff4afbf0abdba9

SHA512
65bb4c78ba0164e7c8dd3a7195eba71dc61ae5025c64cf67adc9b66f762ddac5a0cd5c2ea5204b540454af41bb60efc3b989154a6dc7a1f658630c711164e075

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47450.exe

Filesize
468KB

MD5
5a3e267de37a5876ed40815ec2f7522d

SHA1
df1361585afc5860f6d9358a0d77a91fbe1935bd

SHA256
c7a82031f5407d8feb1d2d361533a88b45e3a541d2371dd9ae5f77e23777368c

SHA512
572e53ba528da07d8032972bbde756fa146b3db37a639ccd06356cc2aedc01c47fa48b5ababae5e78efed1b084995466421e59e224f7c62a6b3f19e1e7c8c69d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52189.exe

Filesize
468KB

MD5
afd7a46d9e85adb92382aca2a333c5e3

SHA1
216e957fe43a479d6eb7a161b3155dd36e793c89

SHA256
8cbaeb737d0cd44a27375acdf5ee9f7a2b6f7ccad7be06ad134635820b8e9303

SHA512
5023132ccdcb4f98a1376cc133c5178bc9ffe674e394194400c6df052e9062ffd1de3592e40abc7c37be7bfee1c14585d2b189c9d86cd118f875f4f80829a5c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe

Filesize
468KB

MD5
90d9500c9cd588262c29e37424cade27

SHA1
1c09cc9172f453c04d7ea22085398c1f2541e071

SHA256
44200c65d74080ec70343afa005004f234a39ed8ed74cf13d82b5f9625485400

SHA512
b512cce66cf9d07f644d09578967ebf59dfc015289146ec99a5af2b2b77ece0490034b237f165dbe6aeadcdd723ee70e9df55cbfb666f40370f3d246c5cf43b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe

Filesize
468KB

MD5
ebef75e91442683ab3608ecc7f1d496a

SHA1
4916f7e3094df7652d9d3b9e16bf900f1ebfc5dc

SHA256
297ab848abed8210aab248e38d3a6302bc6cb8c0f35ec844cc88cd4044d42ea7

SHA512
34e0de6e8d1cebc4578ab3c3886608bffee3b5479877d7381b2781636b70ebe567febd298efa18d1ed760c283db5b802811f16c1c1c735ddebe1c58d2d219edc

Download Submit