fd44568ef0d52b18f9999735311c710b41fa1bf7f350b3a870d4dd021a21ad2f

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-09-2024 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1fe97c55f467fdca610ebeca263e0e50N.exe
Size

468KB
MD5

1fe97c55f467fdca610ebeca263e0e50
SHA1

fa597e78ce14887e1128d68b0c9cb08677969ae2
SHA256

fd44568ef0d52b18f9999735311c710b41fa1bf7f350b3a870d4dd021a21ad2f
SHA512

eda3d57796624e7169c7714aa97f03f7c8f0fdabd123ede0c0a40509e66788334e83cbfc0a7421563c5db18ed2185bb065abc1ce64702d6616da00fc7abfb175
SSDEEP

3072:RG3nogISIE5TtbY2HncOcf8gvChaP0p2JVHeTVPMQ7NL6KvgEElb:RGXobMTtxHcOcftYHKQ7pBvgE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
776	Unicorn-44217.exe
2084	Unicorn-55016.exe
2328	Unicorn-51679.exe
2860	Unicorn-50455.exe
2796	Unicorn-17591.exe
2836	Unicorn-30589.exe
2684	Unicorn-27988.exe
2648	Unicorn-25702.exe
2876	Unicorn-28620.exe
1988	Unicorn-15429.exe
2356	Unicorn-31958.exe
1872	Unicorn-25827.exe
1520	Unicorn-11708.exe
1088	Unicorn-31574.exe
1428	Unicorn-31309.exe
2932	Unicorn-4708.exe
2920	Unicorn-49503.exe
2692	Unicorn-56872.exe
1700	Unicorn-17877.exe
2912	Unicorn-55803.exe
2008	Unicorn-23816.exe
1080	Unicorn-38891.exe
792	Unicorn-33829.exe
2180	Unicorn-55419.exe
900	Unicorn-55839.exe
1692	Unicorn-18641.exe
796	Unicorn-35169.exe
2528	Unicorn-38315.exe
532	Unicorn-28907.exe
2064	Unicorn-9041.exe
2988	Unicorn-19592.exe
1740	Unicorn-27924.exe
2308	Unicorn-14189.exe
2128	Unicorn-34055.exe
2220	Unicorn-19639.exe
2484	Unicorn-48782.exe
2728	Unicorn-5414.exe
2760	Unicorn-36561.exe
2800	Unicorn-52778.exe
2644	Unicorn-18845.exe
2608	Unicorn-64516.exe
2640	Unicorn-51325.exe
2224	Unicorn-58532.exe
1816	Unicorn-18461.exe
2164	Unicorn-50484.exe
2424	Unicorn-64219.exe
1660	Unicorn-899.exe
760	Unicorn-4428.exe
2548	Unicorn-27402.exe
2812	Unicorn-36068.exe
2664	Unicorn-16467.exe
2492	Unicorn-26925.exe
1084	Unicorn-20410.exe
316	Unicorn-58336.exe
2396	Unicorn-2429.exe
992	Unicorn-54231.exe
468	Unicorn-11532.exe
952	Unicorn-27065.exe
772	Unicorn-10536.exe
1984	Unicorn-22767.exe
2228	Unicorn-27366.exe
1812	Unicorn-59767.exe
2480	Unicorn-49561.exe
2444	Unicorn-29311.exe

Loads dropped DLL 64 IoCs

pid	Process
2408	1fe97c55f467fdca610ebeca263e0e50N.exe
2408	1fe97c55f467fdca610ebeca263e0e50N.exe
776	Unicorn-44217.exe
776	Unicorn-44217.exe
2408	1fe97c55f467fdca610ebeca263e0e50N.exe
2408	1fe97c55f467fdca610ebeca263e0e50N.exe
2084	Unicorn-55016.exe
2328	Unicorn-51679.exe
2084	Unicorn-55016.exe
776	Unicorn-44217.exe
2328	Unicorn-51679.exe
776	Unicorn-44217.exe
2408	1fe97c55f467fdca610ebeca263e0e50N.exe
2408	1fe97c55f467fdca610ebeca263e0e50N.exe
2796	Unicorn-17591.exe
2796	Unicorn-17591.exe
2084	Unicorn-55016.exe
2084	Unicorn-55016.exe
2836	Unicorn-30589.exe
2836	Unicorn-30589.exe
2860	Unicorn-50455.exe
776	Unicorn-44217.exe
2860	Unicorn-50455.exe
776	Unicorn-44217.exe
2328	Unicorn-51679.exe
2684	Unicorn-27988.exe
2328	Unicorn-51679.exe
2684	Unicorn-27988.exe
2408	1fe97c55f467fdca610ebeca263e0e50N.exe
2408	1fe97c55f467fdca610ebeca263e0e50N.exe
2648	Unicorn-25702.exe
2648	Unicorn-25702.exe
2796	Unicorn-17591.exe
2796	Unicorn-17591.exe
2876	Unicorn-28620.exe
2876	Unicorn-28620.exe
2084	Unicorn-55016.exe
2084	Unicorn-55016.exe
1520	Unicorn-11708.exe
1520	Unicorn-11708.exe
1872	Unicorn-25827.exe
1872	Unicorn-25827.exe
1988	Unicorn-15429.exe
1988	Unicorn-15429.exe
2328	Unicorn-51679.exe
2328	Unicorn-51679.exe
1088	Unicorn-31574.exe
1088	Unicorn-31574.exe
776	Unicorn-44217.exe
776	Unicorn-44217.exe
2836	Unicorn-30589.exe
2836	Unicorn-30589.exe
2684	Unicorn-27988.exe
2684	Unicorn-27988.exe
2356	Unicorn-31958.exe
2356	Unicorn-31958.exe
1428	Unicorn-31309.exe
2860	Unicorn-50455.exe
2860	Unicorn-50455.exe
1428	Unicorn-31309.exe
2408	1fe97c55f467fdca610ebeca263e0e50N.exe
2408	1fe97c55f467fdca610ebeca263e0e50N.exe
2380	WerFault.exe
2380	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2380	532	WerFault.exe	59
2248	2920	WerFault.exe	47
3036	1080	WerFault.exe	52
1332	900	WerFault.exe	55
1216	2180	WerFault.exe	54
444	796	WerFault.exe	57
2036	2396	WerFault.exe	91
1116	2304	WerFault.exe	101
2288	792	WerFault.exe	53
2120	772	WerFault.exe	95
2060	2608	WerFault.exe	73
2176	2636	WerFault.exe	105
2900	1936	WerFault.exe	108
1624	2064	WerFault.exe	60
2824	300	WerFault.exe	111
2416	1260	WerFault.exe	112
1596	1696	WerFault.exe	120
3396	640	WerFault.exe	116
3380	1828	WerFault.exe	130
3612	1196	WerFault.exe	140
3904	1708	WerFault.exe	143
3608	556	WerFault.exe	151
3320	2328	WerFault.exe	33
3112	1324	WerFault.exe	164
4164	2164	WerFault.exe	78
4392	1688	WerFault.exe	123
4476	2744	WerFault.exe	173
5096	2224	WerFault.exe	76
5088	2760	WerFault.exe	70
5056	1812	WerFault.exe	98
5012	2364	WerFault.exe	125
5000	2816	WerFault.exe	127
4936	3012	WerFault.exe	137
4956	2276	WerFault.exe	142
5068	3068	WerFault.exe	136
5020	1028	WerFault.exe	154
4552	468	WerFault.exe	93
4660	1824	WerFault.exe	109
4676	2548	WerFault.exe	84
5116	1084	WerFault.exe	88
4548	2444	WerFault.exe	100
4896	2724	WerFault.exe	102
4220	2644	WerFault.exe	72
4180	2624	WerFault.exe	146
4172	1700	WerFault.exe	49
4148	2008	WerFault.exe	51
4144	3100	WerFault.exe	192
4860	3028	WerFault.exe	179
4952	952	WerFault.exe	94
4188	2668	WerFault.exe	107
5524	2756	WerFault.exe	104
5540	1872	WerFault.exe	42
5564	2348	WerFault.exe	122
5584	2604	WerFault.exe	160
5596	1020	WerFault.exe	157
5640	1932	WerFault.exe	163
5624	2704	WerFault.exe	159
5616	2820	WerFault.exe	152
5856	1928	WerFault.exe	165
5872	2484	WerFault.exe	68
5880	2840	WerFault.exe	161
5988	2104	WerFault.exe	169
5352	1424	WerFault.exe	110
5780	1252	WerFault.exe	118

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5444.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58535.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29178.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1fe97c55f467fdca610ebeca263e0e50N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61942.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52200.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8593.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2408	1fe97c55f467fdca610ebeca263e0e50N.exe
776	Unicorn-44217.exe
2084	Unicorn-55016.exe
2328	Unicorn-51679.exe
2796	Unicorn-17591.exe
2684	Unicorn-27988.exe
2836	Unicorn-30589.exe
2860	Unicorn-50455.exe
2648	Unicorn-25702.exe
2876	Unicorn-28620.exe
1988	Unicorn-15429.exe
2356	Unicorn-31958.exe
1872	Unicorn-25827.exe
1520	Unicorn-11708.exe
1088	Unicorn-31574.exe
1428	Unicorn-31309.exe
2932	Unicorn-4708.exe
2920	Unicorn-49503.exe
2692	Unicorn-56872.exe
1700	Unicorn-17877.exe
2912	Unicorn-55803.exe
2008	Unicorn-23816.exe
1080	Unicorn-38891.exe
792	Unicorn-33829.exe
2180	Unicorn-55419.exe
900	Unicorn-55839.exe
1692	Unicorn-18641.exe
796	Unicorn-35169.exe
2528	Unicorn-38315.exe
532	Unicorn-28907.exe
2988	Unicorn-19592.exe
2064	Unicorn-9041.exe
1740	Unicorn-27924.exe
2308	Unicorn-14189.exe
2128	Unicorn-34055.exe
2484	Unicorn-48782.exe
2220	Unicorn-19639.exe
2728	Unicorn-5414.exe
2800	Unicorn-52778.exe
2760	Unicorn-36561.exe
2644	Unicorn-18845.exe
2608	Unicorn-64516.exe
2640	Unicorn-51325.exe
1816	Unicorn-18461.exe
2224	Unicorn-58532.exe
2424	Unicorn-64219.exe
2164	Unicorn-50484.exe
1660	Unicorn-899.exe
760	Unicorn-4428.exe
2812	Unicorn-36068.exe
2548	Unicorn-27402.exe
2664	Unicorn-16467.exe
2492	Unicorn-26925.exe
1084	Unicorn-20410.exe
316	Unicorn-58336.exe
2396	Unicorn-2429.exe
992	Unicorn-54231.exe
772	Unicorn-10536.exe
468	Unicorn-11532.exe
952	Unicorn-27065.exe
1984	Unicorn-22767.exe
2228	Unicorn-27366.exe
1812	Unicorn-59767.exe
2480	Unicorn-49561.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 776	2408	1fe97c55f467fdca610ebeca263e0e50N.exe	31
PID 2408 wrote to memory of 776	2408	1fe97c55f467fdca610ebeca263e0e50N.exe	31
PID 2408 wrote to memory of 776	2408	1fe97c55f467fdca610ebeca263e0e50N.exe	31
PID 2408 wrote to memory of 776	2408	1fe97c55f467fdca610ebeca263e0e50N.exe	31
PID 776 wrote to memory of 2084	776	Unicorn-44217.exe	32
PID 776 wrote to memory of 2084	776	Unicorn-44217.exe	32
PID 776 wrote to memory of 2084	776	Unicorn-44217.exe	32
PID 776 wrote to memory of 2084	776	Unicorn-44217.exe	32
PID 2408 wrote to memory of 2328	2408	1fe97c55f467fdca610ebeca263e0e50N.exe	33
PID 2408 wrote to memory of 2328	2408	1fe97c55f467fdca610ebeca263e0e50N.exe	33
PID 2408 wrote to memory of 2328	2408	1fe97c55f467fdca610ebeca263e0e50N.exe	33
PID 2408 wrote to memory of 2328	2408	1fe97c55f467fdca610ebeca263e0e50N.exe	33
PID 2084 wrote to memory of 2796	2084	Unicorn-55016.exe	34
PID 2084 wrote to memory of 2796	2084	Unicorn-55016.exe	34
PID 2084 wrote to memory of 2796	2084	Unicorn-55016.exe	34
PID 2084 wrote to memory of 2796	2084	Unicorn-55016.exe	34
PID 2328 wrote to memory of 2860	2328	Unicorn-51679.exe	35
PID 2328 wrote to memory of 2860	2328	Unicorn-51679.exe	35
PID 2328 wrote to memory of 2860	2328	Unicorn-51679.exe	35
PID 2328 wrote to memory of 2860	2328	Unicorn-51679.exe	35
PID 776 wrote to memory of 2836	776	Unicorn-44217.exe	36
PID 776 wrote to memory of 2836	776	Unicorn-44217.exe	36
PID 776 wrote to memory of 2836	776	Unicorn-44217.exe	36
PID 776 wrote to memory of 2836	776	Unicorn-44217.exe	36
PID 2408 wrote to memory of 2684	2408	1fe97c55f467fdca610ebeca263e0e50N.exe	37
PID 2408 wrote to memory of 2684	2408	1fe97c55f467fdca610ebeca263e0e50N.exe	37
PID 2408 wrote to memory of 2684	2408	1fe97c55f467fdca610ebeca263e0e50N.exe	37
PID 2408 wrote to memory of 2684	2408	1fe97c55f467fdca610ebeca263e0e50N.exe	37
PID 2796 wrote to memory of 2648	2796	Unicorn-17591.exe	38
PID 2796 wrote to memory of 2648	2796	Unicorn-17591.exe	38
PID 2796 wrote to memory of 2648	2796	Unicorn-17591.exe	38
PID 2796 wrote to memory of 2648	2796	Unicorn-17591.exe	38
PID 2084 wrote to memory of 2876	2084	Unicorn-55016.exe	39
PID 2084 wrote to memory of 2876	2084	Unicorn-55016.exe	39
PID 2084 wrote to memory of 2876	2084	Unicorn-55016.exe	39
PID 2084 wrote to memory of 2876	2084	Unicorn-55016.exe	39
PID 2836 wrote to memory of 1988	2836	Unicorn-30589.exe	40
PID 2836 wrote to memory of 1988	2836	Unicorn-30589.exe	40
PID 2836 wrote to memory of 1988	2836	Unicorn-30589.exe	40
PID 2836 wrote to memory of 1988	2836	Unicorn-30589.exe	40
PID 2860 wrote to memory of 2356	2860	Unicorn-50455.exe	41
PID 2860 wrote to memory of 2356	2860	Unicorn-50455.exe	41
PID 2860 wrote to memory of 2356	2860	Unicorn-50455.exe	41
PID 2860 wrote to memory of 2356	2860	Unicorn-50455.exe	41
PID 776 wrote to memory of 1872	776	Unicorn-44217.exe	42
PID 776 wrote to memory of 1872	776	Unicorn-44217.exe	42
PID 776 wrote to memory of 1872	776	Unicorn-44217.exe	42
PID 776 wrote to memory of 1872	776	Unicorn-44217.exe	42
PID 2328 wrote to memory of 1520	2328	Unicorn-51679.exe	43
PID 2328 wrote to memory of 1520	2328	Unicorn-51679.exe	43
PID 2328 wrote to memory of 1520	2328	Unicorn-51679.exe	43
PID 2328 wrote to memory of 1520	2328	Unicorn-51679.exe	43
PID 2684 wrote to memory of 1088	2684	Unicorn-27988.exe	44
PID 2684 wrote to memory of 1088	2684	Unicorn-27988.exe	44
PID 2684 wrote to memory of 1088	2684	Unicorn-27988.exe	44
PID 2684 wrote to memory of 1088	2684	Unicorn-27988.exe	44
PID 2408 wrote to memory of 1428	2408	1fe97c55f467fdca610ebeca263e0e50N.exe	45
PID 2408 wrote to memory of 1428	2408	1fe97c55f467fdca610ebeca263e0e50N.exe	45
PID 2408 wrote to memory of 1428	2408	1fe97c55f467fdca610ebeca263e0e50N.exe	45
PID 2408 wrote to memory of 1428	2408	1fe97c55f467fdca610ebeca263e0e50N.exe	45
PID 2648 wrote to memory of 2932	2648	Unicorn-25702.exe	46
PID 2648 wrote to memory of 2932	2648	Unicorn-25702.exe	46
PID 2648 wrote to memory of 2932	2648	Unicorn-25702.exe	46
PID 2648 wrote to memory of 2932	2648	Unicorn-25702.exe	46

C:\Users\Admin\AppData\Local\Temp\1fe97c55f467fdca610ebeca263e0e50N.exe
"C:\Users\Admin\AppData\Local\Temp\1fe97c55f467fdca610ebeca263e0e50N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17591.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4708.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34055.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10536.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
        9⤵
        Program crash
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64529.exe
        9⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 228
        9⤵
        Program crash
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15775.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        8⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 244
        8⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22767.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42019.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        9⤵
        
        PID:3180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 248
        9⤵
        Program crash
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        8⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52152.exe
        8⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 228
        8⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21664.exe
        7⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57399.exe
        8⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 228
        8⤵
        Program crash
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51163.exe
        7⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
        7⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14189.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27366.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24080.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        9⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 220
        9⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36310.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5125.exe
        8⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
        8⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        7⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 224
        8⤵
        Program crash
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        7⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5622.exe
        8⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35900.exe
        8⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65327.exe
        8⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
        7⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
        7⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
        7⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53992.exe
        7⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15072.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51929.exe
        9⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        8⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
        8⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 248
        8⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21811.exe
        7⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 224
        7⤵
        Program crash
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
        6⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
        7⤵
        
        PID:4016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
        7⤵
        Program crash
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5139.exe
        6⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        6⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51046.exe
        6⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45559.exe
        6⤵
        
        PID:7692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17262.exe
        6⤵
        
        PID:8708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 244
        6⤵
        Program crash
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27924.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
        7⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
        8⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 228
        8⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        7⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
        7⤵
        Program crash
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59325.exe
        6⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
        7⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 228
        7⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4408.exe
        6⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43658.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55583.exe
        6⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        6⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20282.exe
        6⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
        7⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 244
        7⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
        6⤵
        
        PID:3096
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 220
        6⤵
        Program crash
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        5⤵
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6761.exe
        6⤵
        
        PID:5308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 244
        6⤵
        
        PID:7024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10005.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        5⤵
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55893.exe
        5⤵
        
        PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        5⤵
        
        PID:8328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28620.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19639.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49561.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        8⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10839.exe
        9⤵
        
        PID:3772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 248
        9⤵
        Program crash
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33285.exe
        8⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
        8⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23548.exe
        8⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        8⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61494.exe
        8⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-125.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17363.exe
        7⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5936.exe
        8⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 244
        8⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44800.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19869.exe
        7⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14882.exe
        7⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
        7⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13022.exe
        7⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60467.exe
        7⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
        6⤵
        Executes dropped EXE
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45174.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25194.exe
        8⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 248
        8⤵
        Program crash
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        7⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 224
        7⤵
        Program crash
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40580.exe
        6⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41011.exe
        7⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 248
        7⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
        6⤵
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34992.exe
        6⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        6⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        6⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64289.exe
        6⤵
        
        PID:8552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16145.exe
        6⤵
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48782.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-635.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35439.exe
        7⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9889.exe
        8⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52804.exe
        8⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        8⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29178.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 224
        7⤵
        Program crash
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22008.exe
        6⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21133.exe
        7⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
        7⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
        7⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12436.exe
        6⤵
        
        PID:4000
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
        6⤵
        Program crash
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
        5⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        6⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24680.exe
        7⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 248
        7⤵
        Program crash
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55935.exe
        6⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53963.exe
        6⤵
        
        PID:4208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 216
        6⤵
        
        PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        5⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31984.exe
        6⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8593.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
        6⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        5⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12923.exe
        5⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30356.exe
        5⤵
        
        PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57476.exe
        5⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35980.exe
        5⤵
        
        PID:8864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16121.exe
        6⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
        7⤵
        Program crash
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49294.exe
        6⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3483.exe
        7⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
        7⤵
        Program crash
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24550.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16138.exe
        6⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
        6⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55512.exe
        6⤵
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6888.exe
        6⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18397.exe
        6⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61408.exe
        5⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28179.exe
        6⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40845.exe
        7⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55864.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58588.exe
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
        7⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        6⤵
        
        PID:3248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 244
        6⤵
        Program crash
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
        5⤵
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe
        6⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18523.exe
        6⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32625.exe
        6⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21605.exe
        6⤵
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62316.exe
        6⤵
        
        PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10382.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3884
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 244
        5⤵
        Program crash
        
        PID:4172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24891.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6316.exe
        6⤵
        
        PID:3868
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 236
        6⤵
        Program crash
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
        5⤵
        
        PID:3824
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 244
        5⤵
        Program crash
        
        PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe
      4⤵
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24765.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4036
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
        5⤵
        Program crash
        
        PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64535.exe
      4⤵
      PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
      4⤵
      PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4494.exe
      4⤵
      PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45711.exe
      4⤵
      PID:7192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
      4⤵
      PID:7552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
      4⤵
      PID:8584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 220
        6⤵
        Program crash
        
        PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50484.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24424.exe
        6⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 220
        7⤵
        Program crash
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20171.exe
        6⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53743.exe
        7⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        7⤵
        
        PID:9124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 224
        6⤵
        Program crash
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49129.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18828.exe
        6⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42128.exe
        7⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52723.exe
        7⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
        7⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45432.exe
        6⤵
        
        PID:3836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 224
        6⤵
        Program crash
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33446.exe
        5⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        6⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64765.exe
        6⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        6⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18166.exe
        6⤵
        
        PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6398.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54838.exe
        5⤵
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57950.exe
        5⤵
        
        PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50491.exe
        5⤵
        
        PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47983.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3407.exe
        5⤵
        
        PID:8932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18641.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26925.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28830.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30835.exe
        8⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 228
        8⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44000.exe
        7⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31947.exe
        7⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34672.exe
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59622.exe
        7⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23718.exe
        7⤵
        
        PID:8644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19699.exe
        6⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
        6⤵
        
        PID:5048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
        6⤵
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11268.exe
        5⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14344.exe
        6⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63144.exe
        6⤵
        
        PID:4908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
        6⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5552.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
        5⤵
        
        PID:4284
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 244
        5⤵
        
        PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
        5⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
        6⤵
        
        PID:3516
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 216
        6⤵
        Program crash
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-696.exe
        5⤵
        
        PID:3636
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 240
        5⤵
        Program crash
        
        PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20710.exe
      4⤵
      PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1488.exe
        5⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30780.exe
        5⤵
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        5⤵
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
        5⤵
        
        PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44854.exe
        5⤵
        
        PID:8656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
      4⤵
      PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49344.exe
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
      4⤵
      PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26812.exe
      4⤵
      PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51693.exe
      4⤵
      PID:7264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
      4⤵
      PID:8236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25827.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23816.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        6⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42019.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        8⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 228
        8⤵
        Program crash
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19479.exe
        7⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
        7⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56554.exe
        6⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48385.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60438.exe
        7⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 224
        7⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3090.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 244
        6⤵
        
        PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46115.exe
        5⤵
        
        PID:2636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 220
        6⤵
        Program crash
        
        PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21856.exe
        5⤵
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50113.exe
        6⤵
        
        PID:3192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 248
        6⤵
        Program crash
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3416
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 244
        5⤵
        Program crash
        
        PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64516.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34242.exe
        5⤵
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54800.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52108.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 248
        7⤵
        Program crash
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
        6⤵
        
        PID:3276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 220
        6⤵
        Program crash
        
        PID:4660
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
        5⤵
        Program crash
        
        PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:300
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 224
        5⤵
        Program crash
        
        PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
      4⤵
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        5⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17676.exe
        5⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
        5⤵
        
        PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        5⤵
        
        PID:8788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58095.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3988
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 236
      4⤵
      Program crash
      PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:900
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 220
      4⤵
      Program crash
      PID:1332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55594.exe
      4⤵
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60123.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24057.exe
        5⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
        5⤵
        
        PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        5⤵
        
        PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19752.exe
        5⤵
        
        PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
        5⤵
        
        PID:8252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16373.exe
      4⤵
      PID:3216
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 244
      4⤵
      Program crash
      PID:4676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
    3⤵
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
      4⤵
      PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
      4⤵
      PID:3764
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 244
      4⤵
      PID:7016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42530.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42530.exe
    3⤵
    PID:3504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55740.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55740.exe
    3⤵
    PID:4640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54083.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54083.exe
    3⤵
    PID:6608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25677.exe
    3⤵
    PID:7568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe
    3⤵
    PID:8088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13396.exe
    3⤵
    PID:8244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50455.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31958.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        7⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32326.exe
        8⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62075.exe
        8⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        8⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15175.exe
        8⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6358.exe
        8⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        8⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        7⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38924.exe
        7⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 236
        7⤵
        
        PID:296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10858.exe
        6⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
        7⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        8⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27199.exe
        8⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64566.exe
        8⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
        8⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
        7⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 248
        7⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
        6⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24148.exe
        7⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2306.exe
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
        7⤵
        
        PID:9004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1773.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29458.exe
        6⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        6⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13470.exe
        6⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41315.exe
        6⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54231.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-801.exe
        6⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
        7⤵
        Program crash
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        6⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
        7⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53835.exe
        7⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37050.exe
        7⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17527.exe
        6⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
        6⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        6⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61942.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        6⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
        6⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 220
        7⤵
        Program crash
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37793.exe
        6⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64248.exe
        6⤵
        
        PID:7036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 244
        6⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1074.exe
        5⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
        6⤵
        
        PID:4972
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 216
        6⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
        5⤵
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
        5⤵
        
        PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48078.exe
        5⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        5⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20345.exe
        5⤵
        
        PID:8392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9041.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51325.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
        6⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63123.exe
        8⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18212.exe
        8⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
        8⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        8⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
        8⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
        7⤵
        Program crash
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
        6⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 224
        7⤵
        Program crash
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11611.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50381.exe
        6⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        6⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54957.exe
        6⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58513.exe
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
        5⤵
        
        PID:1936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
        6⤵
        Program crash
        
        PID:2900
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 244
        5⤵
        Program crash
        
        PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
        5⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
        6⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        7⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23617.exe
        7⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45281.exe
        7⤵
        
        PID:8424
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 228
        6⤵
        Program crash
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60213.exe
        5⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29362.exe
        6⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57681.exe
        6⤵
        
        PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57569.exe
        5⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
        5⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
        5⤵
        
        PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43086.exe
        5⤵
        
        PID:7708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe
        5⤵
        
        PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
      4⤵
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60883.exe
        5⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42977.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4300
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 244
        5⤵
        
        PID:6232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63115.exe
      4⤵
      PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
        5⤵
        
        PID:8440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12712.exe
      4⤵
      PID:5040
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
      4⤵
      PID:1232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11708.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55803.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18461.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
        6⤵
        
        PID:640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 224
        7⤵
        Program crash
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55013.exe
        6⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
        7⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58121.exe
        7⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
        7⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
        6⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27128.exe
        6⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19405.exe
        6⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3609.exe
        6⤵
        
        PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6011.exe
        5⤵
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
        6⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56828.exe
        7⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44000.exe
        6⤵
        
        PID:4828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 224
        6⤵
        Program crash
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
        5⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34186.exe
        5⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48635.exe
        5⤵
        
        PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50116.exe
        5⤵
        
        PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42740.exe
        5⤵
        
        PID:9108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62820.exe
        5⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
        6⤵
        
        PID:3960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 228
        6⤵
        Program crash
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
        5⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7128.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
        5⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
        5⤵
        
        PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        5⤵
        
        PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39928.exe
        5⤵
        
        PID:8496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42466.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-269.exe
        5⤵
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17682.exe
        5⤵
        
        PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
        5⤵
        
        PID:7576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
        5⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        5⤵
        
        PID:8264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46669.exe
      4⤵
      PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4328.exe
      4⤵
      PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8959.exe
      4⤵
      PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7040.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50894.exe
      4⤵
      PID:7652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13062.exe
      4⤵
      PID:8560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4428.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        5⤵
        
        PID:1196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 224
        6⤵
        Program crash
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38156.exe
        5⤵
        
        PID:4816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 228
        5⤵
        
        PID:6168
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 248
      4⤵
      Program crash
      PID:2288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
      4⤵
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48174.exe
        5⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44019.exe
        6⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57442.exe
        6⤵
        
        PID:8404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54715.exe
        6⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        5⤵
        
        PID:4384
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 220
        5⤵
        Program crash
        
        PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61640.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
        5⤵
        
        PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61498.exe
        5⤵
        
        PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
      4⤵
      PID:4668
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 248
      4⤵
      PID:5796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40688.exe
    3⤵
    PID:380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35081.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
        5⤵
        
        PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
        5⤵
        
        PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61588.exe
        5⤵
        
        PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64504.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9501.exe
        5⤵
        
        PID:8732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58514.exe
      4⤵
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54622.exe
      4⤵
      PID:5256
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 236
      4⤵
      PID:6920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25183.exe
    3⤵
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45739.exe
      4⤵
      PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14559.exe
      4⤵
      PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9310.exe
      4⤵
      PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
      4⤵
      PID:7700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
      4⤵
      PID:8684
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 244
    3⤵
    - Program crash
    PID:3320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31574.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55419.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2180
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 224
        5⤵
        Program crash
        
        PID:1216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37530.exe
        5⤵
        
        PID:1708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 220
        6⤵
        Program crash
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65107.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10273.exe
        5⤵
        
        PID:5036
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        5⤵
        
        PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64565.exe
      4⤵
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        5⤵
        
        PID:4104
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 244
        5⤵
        
        PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
      4⤵
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11204.exe
      4⤵
      PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
      4⤵
      PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48343.exe
      4⤵
      PID:7556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57028.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35169.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:796
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 220
      4⤵
      Program crash
      PID:444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2429.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2396
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
      4⤵
      Program crash
      PID:2036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9341.exe
      4⤵
      PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5046.exe
        5⤵
        
        PID:7508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2325.exe
        5⤵
        
        PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38358.exe
      4⤵
      PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21262.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28071.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
      4⤵
      PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52081.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49036.exe
    3⤵
    PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24948.exe
      4⤵
      PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1557.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2395.exe
      4⤵
      PID:8432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
    3⤵
    PID:5360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63942.exe
    3⤵
    PID:7064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9664.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46480.exe
    3⤵
    PID:9192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31309.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31309.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:532
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 200
      4⤵
      Loads dropped DLL
      Program crash
      PID:2380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36003.exe
    3⤵
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34078.exe
      4⤵
      PID:3548
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 248
      4⤵
      Program crash
      PID:5616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47104.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47104.exe
    3⤵
    PID:3708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4252
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 244
    3⤵
    PID:6672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40210.exe
      4⤵
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26944.exe
        5⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
        6⤵
        
        PID:3256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 228
        6⤵
        Program crash
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16539.exe
        5⤵
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3143.exe
        5⤵
        
        PID:4116
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 248
        5⤵
        
        PID:6724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
      4⤵
      PID:1324
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 224
        5⤵
        Program crash
        
        PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19618.exe
      4⤵
      PID:3456
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 248
      4⤵
      Program crash
      PID:4220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6011.exe
    3⤵
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
      4⤵
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41596.exe
        5⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
        5⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
        5⤵
        
        PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5444.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61384.exe
      4⤵
      PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44516.exe
      4⤵
      PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5955.exe
      4⤵
      PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
      4⤵
      PID:8668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10063.exe
      4⤵
      PID:8872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
    3⤵
    PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
      4⤵
      PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63032.exe
      4⤵
      PID:7356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
      4⤵
      PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48063.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
    3⤵
    PID:3624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41716.exe
    3⤵
    PID:5604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
    3⤵
    PID:8724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
    3⤵
    PID:8968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58532.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58532.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7786.exe
    3⤵
    PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
      4⤵
      PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
      4⤵
      PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
      4⤵
      PID:6216
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 248
      4⤵
      PID:7200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18054.exe
    3⤵
    PID:3912
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 244
    3⤵
    - Program crash
    PID:5096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54062.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54062.exe
  2⤵
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29337.exe
    3⤵
    PID:3592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58738.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4684
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
    3⤵
    PID:5652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26245.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26245.exe
  2⤵
  PID:4080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
  2⤵
  PID:4192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
  2⤵
  PID:6112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
  2⤵
  PID:6868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
  2⤵
  PID:7380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52263.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52263.exe
  2⤵
  PID:8468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11708.exe

Filesize
468KB

MD5
54f2ccd72cc55b425b824dd7bd1dc149

SHA1
1b6790b25d8315ffe308e04645213229794b28d6

SHA256
b47d12be2164144202607583667a73b02f88449c29193ea2e97be5b611722c28

SHA512
e96b7b258e5b95302bf83c51f6309191f167adb90ecab73aac9a647a5c2710113f774e9af7a106d9c2ac1996d05a1909dc4e08411a291e74aa4a98d0a9e7074c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe

Filesize
468KB

MD5
ff7462a742b7eeb5a15c65f6688d0193

SHA1
7c73f9454b30e1b86adcf7d719c291662613c64f

SHA256
50d7d47e965273a52eb85cc37a9f2504d27d22b6dcb280e2718a060a10a3ed4a

SHA512
4caafd2ba0840c766937c4c460e3abb0bbd00099d371574ddfd5b61b174a9f62532627ee1f035a4bcacaf8ec0e662e9936ada25b31394113dcf562bce11b135a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31309.exe

Filesize
468KB

MD5
13d7a196b54ecf3b955f484ec9fb95ad

SHA1
963ef47e3202ad2672ac9f2ec902800fdb8bb80f

SHA256
a281f64b641258aee6eb9a3a4a3ba8aaa0804b3913e8c0d42c0d46c5b3eb760f

SHA512
785280b645fe9b7f6fffc2cecc62a4c2778e11d0f1c9d8b95cd241a0e075f648d24f6fdc546a5689d1542d71cd5fd9823f4fb37f9b32666fda874593783071a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31574.exe

Filesize
468KB

MD5
f123ca07539a535c5d6971c6fe1a9e17

SHA1
1aa71727bb296898c08299b9f02db07af97caca6

SHA256
133ea748a9b635c84e0f87b77a88a52d482a084c9e37ed433d09c3dd8c8a1c87

SHA512
1a3b3367536d3538c5667bc49ec542dd2356cbb4c233bf96f0c3ebce63f2557a82bfb2835fb736fc678bf798ebefbc53ea177ba9da462d42b76e68f508850f5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50455.exe

Filesize
468KB

MD5
120e5d241ee381c53f23b3d4b62c475f

SHA1
d3721da89cec139df6bcd184d0ab01db74f7fee0

SHA256
453f50a4fd09c0ce5b28af8eddbd36b57db9d835e8be4a8a435ffbf1834e1a67

SHA512
a49b807175210fab9dc034cb3afa748ec134c524c79cccb24eb8cc116b6284aa46064dff472acc3961d3dc660fcea47f45fd22f54c4801769a1d7035a9ecc29f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe

Filesize
468KB

MD5
d158f00286dbb0f056096fa4a08d8998

SHA1
dabfe832be5228a89bbb2500e5307e84ae18df48

SHA256
e1eabb9d50f19ef53bac1a5956d3bbbf4c96b49b60ac4f268062b0145774cbcf

SHA512
1a7dedffe184c023d7d9647571188ec4d6d1a747b5b2bb298ab1686e81f5a9ed15e79ee7c947442e3a12541f52489ad9ef5133396a69c2addc281232b1d3707c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe

Filesize
468KB

MD5
e98cc94c833eca03dccef094e61140d6

SHA1
a7600638695626297a68dc6e94f018861bf80541

SHA256
8e7947e950c084f56366d12cfdf7b6b39500b9cc245f7cc6cc7a128151681694

SHA512
72d5277803e72abeb7d2b36634bcc9d3717a2a33390229ff603f547a9f51dfa852e6a815c2ae1d95b9f4f28f0a7dd319fac1d96067bf51a8ac1e7e4f4b47d96a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe

Filesize
468KB

MD5
0410b0d18d21afbabee081f04423fbbe

SHA1
c54394b1096daf0fc8c055e36821e6083710e752

SHA256
8d8d69f852eccd0335150b2de5d855cab92c3bf57ccdb928412203ce76dfa523

SHA512
17edae1c87fe782093fac34c98760a1756a7e861edee70b1be435739590747f29cdd925f99b70527d009bd374467ef005da558514a1bea7f79279a9503f2a09f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe

Filesize
468KB

MD5
ede78cc143ae276d62b418133a0d2e5c

SHA1
d0acc9af6ff873f170012ced4b4f27de8664dbba

SHA256
a498ad2c4e743a4c8526cdc0e1f0cf8fb03e22f2a70718d98c020fa5f94fe376

SHA512
7a4777f207f0c654ea732edac9d904aaeba17eb02450f17df5a7c0a68bac8e1438aa64483d974e4d9da99451ab310d56ebea96f24c3f08757edd7984b4d277d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17591.exe

Filesize
468KB

MD5
7ec76a77a652c814e9823c8a0257cff5

SHA1
053f2396f900025684a37d08cf85faca4b75279c

SHA256
f0d8c20fd87e4ce0a2c26c0a1295fa656728946da388e7a84a6c2e898ca5500f

SHA512
d0c050c9a3dc640a64cd9512a0c88ccc63a28fcd039731b116b0a4f190c5dcc0a89bd9c2146aea7994ffc89661e77ad1fda7bda14e79968df8529bbb7a0bf2e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe

Filesize
468KB

MD5
1dde8854da62772d28de51dbc12c2191

SHA1
771ef3c9e95be70cf3337063c619c470ce9aceec

SHA256
0d3691c9444464e413fe70158a418dc49ffd211c2eb3e42295620767cb5dd9da

SHA512
47d6a13214911ff60185275e1afca9d3b92f55a876754533b7a33434dd8fa3aef1db5064ae9a9a5c13a07176a0e845173422bcbab489584613fdffb35f5bd4f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe

Filesize
468KB

MD5
277b45147d724b3dbab2769da05ef763

SHA1
55ff389ff0da157037872ad8dd30d60b71b151c5

SHA256
bc14382fbaacac590756b751d15cfe2fe217945fe2228eac432271e01e7e4d44

SHA512
0c8ddb05a4f93f76354a5f150659a943d248439100c086a62f506269715635affcf0e6261eb5827160c84f86471f0d745ecc515f7796a3bee7fb6cace45ac8d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25827.exe

Filesize
468KB

MD5
997d3c062d55765815f809206025ec77

SHA1
396714fc4ba441ef63b38fdf6791581bef390c9c

SHA256
f54eafd343594907ee9f0c94294cc59ebe501d163ac5c255b97b9cf3e22c6368

SHA512
edf0617676fa9576e2fcba09111765a31ac94cff41ba36ed6d8e2a600eb754558a53b4b8fe7f609d2a773b6986d14387264f5abc05f88127549d3a0d92aa5c67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28620.exe

Filesize
468KB

MD5
0c63ee0e4918566e3ca66ed44aa46d4e

SHA1
f6270f369577733e4697b6018ef90c073cde5335

SHA256
86ef73571570601766991086757068cfddb00da3c47dc27465a0c86c5be1610b

SHA512
c3b3b3f8e1cb0f0afecdd8f7e8685b5b984c082a348ca541ce2173b69bdc46c08039f9aee170e76d6e6f91b63b395f12bef1a90f6bae51d093c7d323daeb9b60

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe

Filesize
468KB

MD5
d9c8531f59c0449161d367fab54e7aed

SHA1
f2caa9b4e196558da4e03dfa73f042ba2a37e46b

SHA256
aed35e852e4ae340267d4ee9c16a6aedc385fc1e94e3197846021dc030a3f60b

SHA512
b9ba6a3e54cb4bc5bb530d0957cb33febc26d95322b94a045f7555f11da8e917ef87a55ac4a04b11956ff351d984cf738c3961d8783b5d124a4ba3e55f2aedc1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31958.exe

Filesize
468KB

MD5
e812b24a6be84d1c4267519fade13666

SHA1
e45c77e26d8878ab6f3de572b38897c06bd6a84a

SHA256
cdf1328e3a5f1175236c1dea59af804c63fcf1dd070fe71ce0da85c5f2d6fe50

SHA512
4db5b2126f610b644d00db96f105500d94f66fa3e593fb89a960eaca31ae3097e31453b5674e615264a96fd82a83c37ce39a2692ad9534b8c9b2b53badb0c919

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe

Filesize
468KB

MD5
9dc51551ba28925df95ca6cbe4317d68

SHA1
6a48804acdad75e4215d8d53bde5b90822552e20

SHA256
1be55dfdaa0bfb745a071bc42dec8c6cfca61484e409ddf61371bf1aa1281761

SHA512
c266deb26d40d96e1bf22e17c358f26dcad2a895a00fb23d20df3127e16d5f590f75a09bdd41225460e927350a57be783c1099636ab000d77da202dfb12e9616

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4708.exe

Filesize
468KB

MD5
8e8a7e9b4b3fd4a6efb291909fbe5d16

SHA1
54cb4daf13b80b0908ac26212491763003ed6aaf

SHA256
2de1467dfb75f98e0d0bd38a88fd6c8a4464b7024d44c558453b0d66343aca2b

SHA512
8db879e9e6e0088eb92c7af2afb2c17dd56c1a2a82adf7f5bbdb124baabc9dc8ac05de929d8a7d90f89474115dbc368357d58af10d6fe59fc44aca42f469f0aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe

Filesize
468KB

MD5
03579ad64e6574dfabf64598d9f74787

SHA1
da3651c9d30b5c9928fec13ffb00b5a6755f9338

SHA256
f88f18e7b64da43d8f3024f4fd899c1eb1209778f93e09342bda6d268df3a837

SHA512
ec78098af24eafe95812a4f3af8116e98db832c160bd5f0869734f2ea5b313487d4acd0ccbca5e10736831909a43a906665b78dedff6cd6e38eaf851bdc5bfd2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe

Filesize
468KB

MD5
75e6762e7bdadd2aafe2a85d064172a2

SHA1
a803b8685076ba89b0ac4de0d7e49f6a6bcd84a4

SHA256
b6104e6cd868a9cbc57c0bc22adaff61248a733efef64defb956e37102d61e89

SHA512
6c75d09ab9a27215172c278be6331be0da6a03fd4f6bfb412f9288db6b321d6d01369bd4f2a2d56640001c03507085dd14da2ec3e46ba4806cf5d728004f4399

Download Submit