7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 00:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe
Size

468KB
MD5

582660019b87e2c05c3d1c7818bac3ae
SHA1

de9e7f3e6a333e986cd6de969069ef48f774f0c1
SHA256

7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea
SHA512

cd181484d3af4225cfb2aaf6bf47d9218b8742b5ec3b53b9355c3434349e6c50eb2249ba55acc78e8101e0b42a10f3484893ce35d593c6ce944350f398ac611e
SSDEEP

3072:1G3HogISIE5Ttbn2HzcOcf8/zChIP0pIJVHeTV+MQ65LWAggEYlQ:1G3obMTtSH4Ocf8YpVQ6VnggE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2504	Unicorn-63597.exe
2700	Unicorn-41275.exe
2856	Unicorn-26430.exe
2968	Unicorn-37274.exe
2628	Unicorn-37521.exe
2732	Unicorn-31489.exe
2188	Unicorn-11104.exe
2960	Unicorn-61657.exe
392	Unicorn-30793.exe
2312	Unicorn-37591.exe
1620	Unicorn-24662.exe
2904	Unicorn-29107.exe
3060	Unicorn-48973.exe
2616	Unicorn-54759.exe
2216	Unicorn-20965.exe
1824	Unicorn-22923.exe
1628	Unicorn-715.exe
1508	Unicorn-1736.exe
824	Unicorn-54370.exe
908	Unicorn-34504.exe
1868	Unicorn-10286.exe
2408	Unicorn-39984.exe
1660	Unicorn-40249.exe
2428	Unicorn-59438.exe
2296	Unicorn-53308.exe
828	Unicorn-1176.exe
1876	Unicorn-7306.exe
2564	Unicorn-64934.exe
1968	Unicorn-36378.exe
2000	Unicorn-6643.exe
1700	Unicorn-12082.exe
2252	Unicorn-28209.exe
2220	Unicorn-40721.exe
2712	Unicorn-58805.exe
2724	Unicorn-64935.exe
2784	Unicorn-35748.exe
2736	Unicorn-61614.exe
2620	Unicorn-4523.exe
2896	Unicorn-21159.exe
2640	Unicorn-50446.exe
2740	Unicorn-4774.exe
1032	Unicorn-6897.exe
2964	Unicorn-63504.exe
2464	Unicorn-16875.exe
2140	Unicorn-30610.exe
1104	Unicorn-36741.exe
2196	Unicorn-61290.exe
1920	Unicorn-61025.exe
2952	Unicorn-30699.exe
1480	Unicorn-48050.exe
2364	Unicorn-18241.exe
1832	Unicorn-64178.exe
2316	Unicorn-18507.exe
1688	Unicorn-25286.exe
896	Unicorn-45348.exe
928	Unicorn-65213.exe
1380	Unicorn-58723.exe
2016	Unicorn-58231.exe
3048	Unicorn-21539.exe
236	Unicorn-44964.exe
2992	Unicorn-48792.exe
2268	Unicorn-17574.exe
1340	Unicorn-44212.exe
1116	Unicorn-59337.exe

Loads dropped DLL 64 IoCs

pid	Process
572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe
572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe
2504	Unicorn-63597.exe
2504	Unicorn-63597.exe
572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe
572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe
2856	Unicorn-26430.exe
2856	Unicorn-26430.exe
2504	Unicorn-63597.exe
2700	Unicorn-41275.exe
2700	Unicorn-41275.exe
572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe
2504	Unicorn-63597.exe
572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe
2968	Unicorn-37274.exe
2968	Unicorn-37274.exe
2628	Unicorn-37521.exe
2628	Unicorn-37521.exe
2504	Unicorn-63597.exe
2504	Unicorn-63597.exe
572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe
572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe
2700	Unicorn-41275.exe
2700	Unicorn-41275.exe
2856	Unicorn-26430.exe
2856	Unicorn-26430.exe
2732	Unicorn-31489.exe
2732	Unicorn-31489.exe
2748	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe
392	Unicorn-30793.exe
392	Unicorn-30793.exe
2960	Unicorn-61657.exe
2628	Unicorn-37521.exe
2960	Unicorn-61657.exe
2628	Unicorn-37521.exe
2968	Unicorn-37274.exe
2968	Unicorn-37274.exe
2732	Unicorn-31489.exe
3060	Unicorn-48973.exe
3060	Unicorn-48973.exe
2732	Unicorn-31489.exe
1620	Unicorn-24662.exe
1620	Unicorn-24662.exe
2504	Unicorn-63597.exe
2504	Unicorn-63597.exe
2904	Unicorn-29107.exe
2904	Unicorn-29107.exe
2616	Unicorn-54759.exe
2700	Unicorn-41275.exe
2616	Unicorn-54759.exe
2700	Unicorn-41275.exe
2856	Unicorn-26430.exe
2856	Unicorn-26430.exe
2312	Unicorn-37591.exe
2312	Unicorn-37591.exe
572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe
572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe
2216	Unicorn-20965.exe
2216	Unicorn-20965.exe
392	Unicorn-30793.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2748	2188	WerFault.exe	35
2452	908	WerFault.exe	50
2924	2000	WerFault.exe	60
2796	2964	WerFault.exe	72
2248	2968	WerFault.exe	34
2148	2740	WerFault.exe	71
1520	2896	WerFault.exe	69
1108	2828	WerFault.exe	108
3052	1480	WerFault.exe	81
2692	2700	WerFault.exe	31
2696	556	WerFault.exe	111
2708	2616	WerFault.exe	43
1996	1968	WerFault.exe	59
2436	2756	WerFault.exe	110
2156	2992	WerFault.exe	92
3016	1920	WerFault.exe	79
1280	1116	WerFault.exe	96
1668	3048	WerFault.exe	90
468	2736	WerFault.exe	67
3080	2500	WerFault.exe	102
3460	1104	WerFault.exe	77
3468	1944	WerFault.exe	101
3484	828	WerFault.exe	56
3492	2504	WerFault.exe	30
3508	2952	WerFault.exe	80
3920	2408	WerFault.exe	52
3980	1856	WerFault.exe	120
4008	2448	WerFault.exe	107
4016	1340	WerFault.exe	95
3748	2208	WerFault.exe	99
3708	3060	WerFault.exe	44
3148	1708	WerFault.exe	144
3704	1500	WerFault.exe	122
3804	3020	WerFault.exe	121
3660	2648	WerFault.exe	146
4368	2984	WerFault.exe	161
4856	2360	WerFault.exe	112
5112	1380	WerFault.exe	88
4552	928	WerFault.exe	87
4776	2588	WerFault.exe	148
4732	1032	WerFault.exe	74
4728	1536	WerFault.exe	138
2280	896	WerFault.exe	86
5644	2108	WerFault.exe	175
6116	2128	WerFault.exe	134
6088	1916	WerFault.exe	105
5780	2724	WerFault.exe	65
5748	236	WerFault.exe	91
5856	1316	WerFault.exe	123
5660	1660	WerFault.exe	53
5264	2804	WerFault.exe	126
6284	2908	WerFault.exe	130
6992	2716	WerFault.exe	125
6772	2584	WerFault.exe	149
6848	1672	WerFault.exe	129
6832	2768	WerFault.exe	131
6880	2140	WerFault.exe	75
7140	1984	WerFault.exe	150
6908	2428	WerFault.exe	54
7088	1840	WerFault.exe	115
7100	2336	WerFault.exe	133
6744	1612	WerFault.exe	113
6664	632	WerFault.exe	119
7320	2712	WerFault.exe	64

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6062.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61568.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60982.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12142.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40721.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-830.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe
2504	Unicorn-63597.exe
2700	Unicorn-41275.exe
2856	Unicorn-26430.exe
2968	Unicorn-37274.exe
2628	Unicorn-37521.exe
2732	Unicorn-31489.exe
2188	Unicorn-11104.exe
2960	Unicorn-61657.exe
392	Unicorn-30793.exe
2312	Unicorn-37591.exe
3060	Unicorn-48973.exe
1620	Unicorn-24662.exe
2904	Unicorn-29107.exe
2616	Unicorn-54759.exe
2216	Unicorn-20965.exe
1824	Unicorn-22923.exe
1628	Unicorn-715.exe
1508	Unicorn-1736.exe
824	Unicorn-54370.exe
908	Unicorn-34504.exe
1868	Unicorn-10286.exe
2408	Unicorn-39984.exe
1660	Unicorn-40249.exe
2428	Unicorn-59438.exe
2296	Unicorn-53308.exe
1876	Unicorn-7306.exe
828	Unicorn-1176.exe
2564	Unicorn-64934.exe
1968	Unicorn-36378.exe
2000	Unicorn-6643.exe
2220	Unicorn-40721.exe
1700	Unicorn-12082.exe
2724	Unicorn-64935.exe
2784	Unicorn-35748.exe
2252	Unicorn-28209.exe
2712	Unicorn-58805.exe
2736	Unicorn-61614.exe
2620	Unicorn-4523.exe
2896	Unicorn-21159.exe
1032	Unicorn-6897.exe
2964	Unicorn-63504.exe
2640	Unicorn-50446.exe
2140	Unicorn-30610.exe
2464	Unicorn-16875.exe
1104	Unicorn-36741.exe
2740	Unicorn-4774.exe
2952	Unicorn-30699.exe
2196	Unicorn-61290.exe
1920	Unicorn-61025.exe
1480	Unicorn-48050.exe
2316	Unicorn-18507.exe
1832	Unicorn-64178.exe
2364	Unicorn-18241.exe
1688	Unicorn-25286.exe
896	Unicorn-45348.exe
928	Unicorn-65213.exe
1380	Unicorn-58723.exe
2016	Unicorn-58231.exe
3048	Unicorn-21539.exe
236	Unicorn-44964.exe
2992	Unicorn-48792.exe
2268	Unicorn-17574.exe
1340	Unicorn-44212.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 572 wrote to memory of 2504	572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe	30
PID 572 wrote to memory of 2504	572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe	30
PID 572 wrote to memory of 2504	572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe	30
PID 572 wrote to memory of 2504	572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe	30
PID 2504 wrote to memory of 2700	2504	Unicorn-63597.exe	31
PID 2504 wrote to memory of 2700	2504	Unicorn-63597.exe	31
PID 2504 wrote to memory of 2700	2504	Unicorn-63597.exe	31
PID 2504 wrote to memory of 2700	2504	Unicorn-63597.exe	31
PID 572 wrote to memory of 2856	572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe	32
PID 572 wrote to memory of 2856	572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe	32
PID 572 wrote to memory of 2856	572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe	32
PID 572 wrote to memory of 2856	572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe	32
PID 2856 wrote to memory of 2732	2856	Unicorn-26430.exe	33
PID 2856 wrote to memory of 2732	2856	Unicorn-26430.exe	33
PID 2856 wrote to memory of 2732	2856	Unicorn-26430.exe	33
PID 2856 wrote to memory of 2732	2856	Unicorn-26430.exe	33
PID 2700 wrote to memory of 2188	2700	Unicorn-41275.exe	35
PID 2700 wrote to memory of 2188	2700	Unicorn-41275.exe	35
PID 2700 wrote to memory of 2188	2700	Unicorn-41275.exe	35
PID 2700 wrote to memory of 2188	2700	Unicorn-41275.exe	35
PID 2504 wrote to memory of 2968	2504	Unicorn-63597.exe	34
PID 2504 wrote to memory of 2968	2504	Unicorn-63597.exe	34
PID 2504 wrote to memory of 2968	2504	Unicorn-63597.exe	34
PID 2504 wrote to memory of 2968	2504	Unicorn-63597.exe	34
PID 572 wrote to memory of 2628	572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe	36
PID 572 wrote to memory of 2628	572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe	36
PID 572 wrote to memory of 2628	572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe	36
PID 572 wrote to memory of 2628	572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe	36
PID 2968 wrote to memory of 2960	2968	Unicorn-37274.exe	37
PID 2968 wrote to memory of 2960	2968	Unicorn-37274.exe	37
PID 2968 wrote to memory of 2960	2968	Unicorn-37274.exe	37
PID 2968 wrote to memory of 2960	2968	Unicorn-37274.exe	37
PID 2628 wrote to memory of 392	2628	Unicorn-37521.exe	38
PID 2628 wrote to memory of 392	2628	Unicorn-37521.exe	38
PID 2628 wrote to memory of 392	2628	Unicorn-37521.exe	38
PID 2628 wrote to memory of 392	2628	Unicorn-37521.exe	38
PID 2504 wrote to memory of 1620	2504	Unicorn-63597.exe	39
PID 2504 wrote to memory of 1620	2504	Unicorn-63597.exe	39
PID 2504 wrote to memory of 1620	2504	Unicorn-63597.exe	39
PID 2504 wrote to memory of 1620	2504	Unicorn-63597.exe	39
PID 572 wrote to memory of 2312	572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe	40
PID 572 wrote to memory of 2312	572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe	40
PID 572 wrote to memory of 2312	572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe	40
PID 572 wrote to memory of 2312	572	7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe	40
PID 2188 wrote to memory of 2748	2188	Unicorn-11104.exe	41
PID 2188 wrote to memory of 2748	2188	Unicorn-11104.exe	41
PID 2188 wrote to memory of 2748	2188	Unicorn-11104.exe	41
PID 2188 wrote to memory of 2748	2188	Unicorn-11104.exe	41
PID 2700 wrote to memory of 2904	2700	Unicorn-41275.exe	42
PID 2700 wrote to memory of 2904	2700	Unicorn-41275.exe	42
PID 2700 wrote to memory of 2904	2700	Unicorn-41275.exe	42
PID 2700 wrote to memory of 2904	2700	Unicorn-41275.exe	42
PID 2856 wrote to memory of 2616	2856	Unicorn-26430.exe	43
PID 2856 wrote to memory of 2616	2856	Unicorn-26430.exe	43
PID 2856 wrote to memory of 2616	2856	Unicorn-26430.exe	43
PID 2856 wrote to memory of 2616	2856	Unicorn-26430.exe	43
PID 2732 wrote to memory of 3060	2732	Unicorn-31489.exe	44
PID 2732 wrote to memory of 3060	2732	Unicorn-31489.exe	44
PID 2732 wrote to memory of 3060	2732	Unicorn-31489.exe	44
PID 2732 wrote to memory of 3060	2732	Unicorn-31489.exe	44
PID 392 wrote to memory of 2216	392	Unicorn-30793.exe	45
PID 392 wrote to memory of 2216	392	Unicorn-30793.exe	45
PID 392 wrote to memory of 2216	392	Unicorn-30793.exe	45
PID 392 wrote to memory of 2216	392	Unicorn-30793.exe	45

C:\Users\Admin\AppData\Local\Temp\7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe
"C:\Users\Admin\AppData\Local\Temp\7db4555225fee33882b0d0de8884af852a64b20c0c343e8c56510c90ce7563ea.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:572
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11104.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2188
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40249.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18507.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43259.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5927.exe
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
        8⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 212
        8⤵
        Program crash
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
        7⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62459.exe
        7⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63968.exe
        7⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18729.exe
        7⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10745.exe
        7⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
        7⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 248
        7⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
        6⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
        7⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
        7⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 224
        7⤵
        Program crash
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51878.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2787.exe
        6⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        6⤵
        
        PID:5412
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 248
        6⤵
        Program crash
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
        7⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42257.exe
        7⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
        7⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        7⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26760.exe
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42687.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 228
        6⤵
        Program crash
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
        5⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44204.exe
        6⤵
        
        PID:3248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        6⤵
        Program crash
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59659.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        5⤵
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
        5⤵
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6280.exe
        5⤵
        
        PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
        5⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4049.exe
        5⤵
        
        PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36741.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58951.exe
        6⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
        7⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62259.exe
        7⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15434.exe
        7⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        7⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        7⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        7⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40580.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 248
        6⤵
        Program crash
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
        5⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
        6⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe
        6⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64121.exe
        6⤵
        
        PID:5636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 248
        6⤵
        Program crash
        
        PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
        5⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12553.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8656.exe
        5⤵
        
        PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        5⤵
        
        PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2468.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        5⤵
        
        PID:8112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61025.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 220
        5⤵
        Program crash
        
        PID:3016
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 244
      4⤵
      Program crash
      PID:2692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
        8⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        9⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
        9⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41370.exe
        9⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
        9⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        9⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 228
        9⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        8⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24276.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
        8⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 236 -s 244
        8⤵
        Program crash
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35860.exe
        7⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
        8⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38251.exe
        8⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40403.exe
        8⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2961.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 244
        8⤵
        Program crash
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30142.exe
        7⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        7⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
        7⤵
        Program crash
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48792.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 244
        7⤵
        Program crash
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29185.exe
        6⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        7⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
        7⤵
        Program crash
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64864.exe
        6⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10504.exe
        6⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4391.exe
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53032.exe
        6⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
        6⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-830.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
        6⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35748.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62973.exe
        7⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        8⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        8⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 212
        8⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        7⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61363.exe
        7⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46584.exe
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
        7⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        7⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 224
        7⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5258.exe
        6⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        7⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13250.exe
        7⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10754.exe
        7⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29406.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1691.exe
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2194.exe
        6⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        6⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
        6⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65386.exe
        6⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21539.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        6⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57281.exe
        7⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11075.exe
        7⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2904.exe
        7⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 248
        7⤵
        Program crash
        
        PID:6088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 216
        6⤵
        Program crash
        
        PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14490.exe
        5⤵
        
        PID:2756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 224
        6⤵
        Program crash
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26385.exe
        5⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3868.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        6⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        6⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22529.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10071.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59093.exe
        5⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
        5⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6298.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        5⤵
        
        PID:6760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 244
        5⤵
        
        PID:8000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1736.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27227.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53010.exe
        7⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
        7⤵
        Program crash
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6866.exe
        6⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1417.exe
        6⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48539.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
        6⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        6⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55260.exe
        6⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
        6⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56781.exe
        5⤵
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57613.exe
        6⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        6⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        6⤵
        
        PID:6376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 224
        6⤵
        Program crash
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14527.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9319.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6426.exe
        5⤵
        
        PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
        5⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51131.exe
        5⤵
        
        PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56082.exe
        5⤵
        
        PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50619.exe
        5⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
        6⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
        7⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
        7⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        7⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 228
        7⤵
        Program crash
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52285.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58875.exe
        6⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28421.exe
        6⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
        6⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23592.exe
        6⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        6⤵
        
        PID:7080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58168.exe
        6⤵
        
        PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
        5⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9612.exe
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
        6⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2764.exe
        6⤵
        
        PID:6476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 224
        6⤵
        Program crash
        
        PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19169.exe
        5⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
        5⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35966.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51913.exe
        5⤵
        
        PID:7056
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 248
        5⤵
        Program crash
        
        PID:7320
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
      4⤵
      Program crash
      PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6897.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 244
        7⤵
        Program crash
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
        6⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4439.exe
        7⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12779.exe
        7⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
        7⤵
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
        6⤵
        
        PID:4068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
        6⤵
        Program crash
        
        PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
        5⤵
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43259.exe
        6⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
        7⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        7⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2839.exe
        7⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
        7⤵
        
        PID:7824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
        6⤵
        Program crash
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
        5⤵
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
        6⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30634.exe
        6⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
        6⤵
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
        6⤵
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63040.exe
        5⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
        5⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        5⤵
        
        PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15929.exe
        5⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
        5⤵
        
        PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36977.exe
        5⤵
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16875.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
        5⤵
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64608.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
        6⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55302.exe
        6⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18039.exe
        6⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35357.exe
        6⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30451.exe
        6⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7976.exe
        5⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57242.exe
        5⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
        5⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17750.exe
        5⤵
        
        PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6176
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 248
        5⤵
        
        PID:7196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13229.exe
      4⤵
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
        5⤵
        
        PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27991.exe
        5⤵
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42951.exe
        5⤵
        
        PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
        5⤵
        
        PID:6420
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 228
        5⤵
        
        PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
      4⤵
      PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
      4⤵
      PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
      4⤵
      PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30640.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3202.exe
      4⤵
      PID:6640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65460.exe
      4⤵
      PID:7476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2740
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 244
        5⤵
        Program crash
        
        PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
      4⤵
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13508.exe
        5⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        5⤵
        
        PID:4336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 244
        5⤵
        Program crash
        
        PID:6116
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
      4⤵
      Program crash
      PID:3920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63504.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2964
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 224
      4⤵
      Program crash
      PID:2796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19802.exe
    3⤵
    PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12915.exe
      4⤵
      PID:1316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44644.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4668
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 224
        5⤵
        Program crash
        
        PID:5856
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 248
      4⤵
      Program crash
      PID:3468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
    3⤵
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
      4⤵
      PID:4092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exe
      4⤵
      PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13511.exe
      4⤵
      PID:5888
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 248
      4⤵
      Program crash
      PID:6992
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 248
    3⤵
    - Program crash
    PID:3492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48050.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 244
        7⤵
        Program crash
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60982.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 224
        7⤵
        Program crash
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63309.exe
        6⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64245.exe
        6⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46942.exe
        6⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64401.exe
        6⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
        6⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8059.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32777.exe
        6⤵
        
        PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        6⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31363.exe
        6⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        6⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
        6⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52082.exe
        6⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11254.exe
        6⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6044.exe
        6⤵
        
        PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59822.exe
        5⤵
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        6⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62139.exe
        6⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        6⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
        6⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
        6⤵
        
        PID:7480
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 236
        5⤵
        Program crash
        
        PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34504.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:908
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 244
        5⤵
        Program crash
        
        PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
        5⤵
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64509.exe
        6⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
        6⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
        6⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32134.exe
        6⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        6⤵
        
        PID:8180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12142.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13325.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38018.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        5⤵
        
        PID:6000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 248
        5⤵
        Program crash
        
        PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
      4⤵
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37815.exe
        5⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        5⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12174.exe
        5⤵
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        5⤵
        
        PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
        5⤵
        
        PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
      4⤵
      PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63312.exe
      4⤵
      PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64514.exe
      4⤵
      PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17904.exe
      4⤵
      PID:1388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
      4⤵
      PID:6756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13222.exe
      4⤵
      PID:7368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
      4⤵
      PID:7236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61290.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57874.exe
        6⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 224
        7⤵
        Program crash
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8524.exe
        6⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14365.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61417.exe
        7⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 244
        7⤵
        Program crash
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4912.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16322.exe
        6⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
        6⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27716.exe
        6⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59655.exe
        6⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
        6⤵
        
        PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13478.exe
        5⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
        6⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53219.exe
        6⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
        6⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50979.exe
        6⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4174.exe
        6⤵
        
        PID:6368
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 248
        6⤵
        Program crash
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
        6⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55306.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44782.exe
        5⤵
        
        PID:6316
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 248
        5⤵
        Program crash
        
        PID:6908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
        5⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        6⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46725.exe
        6⤵
        
        PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        5⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
        5⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59690.exe
        5⤵
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65153.exe
        5⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32569.exe
        5⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
        5⤵
        
        PID:7644
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
      4⤵
      Program crash
      PID:2708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30699.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3020
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 224
        6⤵
        Program crash
        
        PID:3804
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 248
        5⤵
        Program crash
        
        PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
      4⤵
      PID:1500
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 224
        5⤵
        Program crash
        
        PID:3704
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 224
      4⤵
      Program crash
      PID:3484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24503.exe
      4⤵
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11146.exe
        5⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17262.exe
        5⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2253.exe
        5⤵
        
        PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1298.exe
        5⤵
        
        PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23514.exe
        5⤵
        
        PID:7312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2184.exe
      4⤵
      PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58380.exe
      4⤵
      PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55607.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58051.exe
      4⤵
      PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30363.exe
      4⤵
      PID:6568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29590.exe
      4⤵
      PID:7952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
    3⤵
    PID:2648
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
      4⤵
      Program crash
      PID:3660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32542.exe
    3⤵
    PID:3728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
    3⤵
    PID:4988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34302.exe
    3⤵
    PID:5376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31715.exe
    3⤵
    PID:5480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24763.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24763.exe
    3⤵
    PID:6580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44725.exe
    3⤵
    PID:7944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56578.exe
    3⤵
    PID:3572
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37521.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37521.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30793.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20965.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
        8⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54786.exe
        8⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        7⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 224
        7⤵
        Program crash
        
        PID:4552
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
        6⤵
        Program crash
        
        PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58723.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
        6⤵
        
        PID:556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 244
        7⤵
        Program crash
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30.exe
        6⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63353.exe
        7⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15865.exe
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63581.exe
        7⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20728.exe
        7⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        6⤵
        
        PID:3928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 228
        6⤵
        Program crash
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe
        5⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33472.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16874.exe
        6⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        6⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
        6⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
        6⤵
        
        PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28585.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27299.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe
        5⤵
        
        PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
        5⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26429.exe
        5⤵
        
        PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        5⤵
        
        PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        5⤵
        
        PID:8024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6643.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
        5⤵
        Program crash
        
        PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1340
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 244
        5⤵
        Program crash
        
        PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39403.exe
      4⤵
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59936.exe
        5⤵
        
        PID:7568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22697.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56659.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
      4⤵
      PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
      4⤵
      PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
      4⤵
      PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
      4⤵
      PID:7776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
      4⤵
      PID:7620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19360.exe
        5⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        6⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60241.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40657.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5700
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 228
        6⤵
        Program crash
        
        PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23285.exe
        5⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6062.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43305.exe
        5⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-470.exe
        5⤵
        
        PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
        5⤵
        
        PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35496.exe
      4⤵
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64892.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22067.exe
        5⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
        5⤵
        
        PID:5440
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 216
        5⤵
        Program crash
        
        PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43252.exe
      4⤵
      PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39170.exe
      4⤵
      PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42385.exe
      4⤵
      PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8184.exe
      4⤵
      PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
      4⤵
      PID:6236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42845.exe
      4⤵
      PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55812.exe
      4⤵
      PID:7584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40721.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17574.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        5⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        5⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        5⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
        5⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        5⤵
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        5⤵
        
        PID:8036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3160.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
        5⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
        5⤵
        
        PID:8080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57044.exe
      4⤵
      PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17430.exe
      4⤵
      PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32892.exe
      4⤵
      PID:5784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
      4⤵
      PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
      4⤵
      PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38710.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
      4⤵
      PID:7784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
    3⤵
    PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
      4⤵
      PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19210.exe
      4⤵
      PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
      4⤵
      PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56150.exe
      4⤵
      PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31942.exe
      4⤵
      PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42589.exe
      4⤵
      PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1828.exe
      4⤵
      PID:7468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
      4⤵
      PID:5160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64554.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3719.exe
      4⤵
      PID:5056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
    3⤵
    PID:3956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8187.exe
    3⤵
    PID:4780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
    3⤵
    PID:5864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53663.exe
    3⤵
    PID:6452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16242.exe
    3⤵
    PID:6684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65091.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65091.exe
    3⤵
    PID:4804
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37591.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37591.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7306.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21159.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44661.exe
        5⤵
        
        PID:2828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 244
        6⤵
        Program crash
        
        PID:1108
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 248
        5⤵
        Program crash
        
        PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40129.exe
      4⤵
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
        5⤵
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49742.exe
        5⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27395.exe
        5⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41728.exe
        5⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63752.exe
        5⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26715.exe
        5⤵
        
        PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27656.exe
      4⤵
      PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62472.exe
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
        5⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21529.exe
        5⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35946.exe
        5⤵
        
        PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14750.exe
        5⤵
        
        PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9649.exe
        5⤵
        
        PID:7676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
      4⤵
      PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
      4⤵
      PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7223.exe
      4⤵
      PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14992.exe
      4⤵
      PID:6468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47616.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
      4⤵
      PID:7900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
      4⤵
      PID:7848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
      4⤵
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55711.exe
        5⤵
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
        6⤵
        
        PID:3120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 236
        6⤵
        Program crash
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54316.exe
        5⤵
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27860.exe
        5⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38905.exe
        5⤵
        
        PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        5⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35888.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
        5⤵
        
        PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35845.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1114.exe
        5⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
        5⤵
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
        5⤵
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
        5⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        5⤵
        
        PID:7380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
      4⤵
      PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25072.exe
      4⤵
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5639.exe
      4⤵
      PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
      4⤵
      PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9904.exe
      4⤵
      PID:6736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
      4⤵
      PID:7288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7480.exe
      4⤵
      PID:7932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
    3⤵
    PID:2500
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 224
      4⤵
      Program crash
      PID:3080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28125.exe
    3⤵
    PID:1704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16632.exe
    3⤵
    PID:3720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12028.exe
    3⤵
    PID:4156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5227.exe
    3⤵
    PID:6096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38635.exe
    3⤵
    PID:6404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32789.exe
    3⤵
    PID:6692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44699.exe
    3⤵
    PID:7420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17755.exe
    3⤵
    PID:7356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2433.exe
      4⤵
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24998.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43043.exe
        5⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        5⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47478.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        5⤵
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47310.exe
        5⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
        5⤵
        
        PID:7592
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
      4⤵
      Program crash
      PID:468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
    3⤵
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
      4⤵
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        5⤵
        
        PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39656.exe
        5⤵
        
        PID:8056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
      4⤵
      PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36142.exe
      4⤵
      PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
      4⤵
      PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
      4⤵
      PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
      4⤵
      PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47740.exe
      4⤵
      PID:7192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
      4⤵
      PID:8088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe
    3⤵
    PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe
      4⤵
      PID:7924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25298.exe
    3⤵
    PID:3824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28563.exe
    3⤵
    PID:4184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
    3⤵
    PID:6068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60166.exe
    3⤵
    PID:6424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
    3⤵
    PID:6712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40499.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40499.exe
    3⤵
    PID:7432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45490.exe
    3⤵
    PID:7252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4523.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12184.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12184.exe
    3⤵
    PID:1112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65129.exe
      4⤵
      PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44743.exe
      4⤵
      PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
      4⤵
      PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61167.exe
      4⤵
      PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
      4⤵
      PID:6976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43311.exe
      4⤵
      PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
      4⤵
      PID:7316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65398.exe
    3⤵
    PID:3344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
    3⤵
    PID:1744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21256.exe
    3⤵
    PID:4452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37602.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37602.exe
    3⤵
    PID:2212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe
    3⤵
    PID:6776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
    3⤵
    PID:6600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
    3⤵
    PID:8168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
  2⤵
  PID:1856
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 220
    3⤵
    - Program crash
    PID:3980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56476.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56476.exe
  2⤵
  PID:3500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
  2⤵
  PID:3312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
  2⤵
  PID:4224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
  2⤵
  PID:5908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
  2⤵
  PID:7016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54682.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54682.exe
  2⤵
  PID:8156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11104.exe

Filesize
468KB

MD5
0bd3c4606e976f9d09e2aeff00080c11

SHA1
734a3ac13221e501ab28c453dfdd7df2bc179e51

SHA256
e77225f2030151143b89188b96c8125d4c293d26ac42d667c3d3116a611d773f

SHA512
619a94a60fce3809da07ad25d111c9ca183d8fdfde23b07c821cacb54248e41aa72ec462875a498ee43d87b316168d77563cb68ca5822c7751eeebc3727e7959

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe

Filesize
468KB

MD5
bf778ec5a1395b7df87c1e6a30a32fa1

SHA1
b926667cf403cb685fe94ad36b2e80c68cca04c3

SHA256
b74b755f26d618775dde971f090032a72704b62629ebd5e870bc181adf92ba02

SHA512
8348a0091846f9fcbef081daa54f53e4b067f392db5351236a8160d2253153631fd7a4438a7024a7959433b6f03243bdf0b779bf4ddfe5367d92f1db47237938

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe

Filesize
468KB

MD5
96cd058e8ddcac806b2eb56e47a317ba

SHA1
7fdd69aab7d0852560286b7e89235fedf3cc2b62

SHA256
9bafedc5aea5bd62c30e34efb20a0ac41d34250e48ba42b655b9e0c065a42dd2

SHA512
b4e491c4c51197490ac023e034206e31df54bab60674d83f06193aae6a7c411e20be5b6c4956d5531dcb95e1058cbef8031516e8d397ae103063ce27eeb21413

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe

Filesize
468KB

MD5
2952a964a3401672a454eeb7ffe82228

SHA1
a2d279edc774a748f2ae085f906c763b2081d27e

SHA256
7f6b8b5d7171cff29e1a889ac76cc886ab1365f41f4a7fa858c4348ab1f7bb94

SHA512
9ce24c84ffe1383e1ea937f510181257d6d7b1bdc1f6f003827c84c620fe41d5c888f8888ffcd42302ebdf3ba13c51ceec9cb395750aa260056931fc53c7c911

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe

Filesize
468KB

MD5
a5b63e5c77da1b19cfdd273f9ee74df9

SHA1
dc14f2e518b6e179b85770d126ad526d64b4b081

SHA256
8ac08780956c171fd64715e6cfec0f4c14c4e03ac95988505120c60d23f2aace

SHA512
2d9b4275a62bf2255bbb4c738d886624cb83fd627147a3f849672f189104ed9d634e036fc72fdf0934032d09f47e4a50cf23c07f06cfed650119fa5b07f36f95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37521.exe

Filesize
468KB

MD5
75777d1b7bb64d48ecd82a90d8270520

SHA1
99f7849f5cabc96738c530453f029460732830b4

SHA256
169333926ff20c74f589c6851680df758ccd74eaac536fb1c6df6ee567a1a593

SHA512
690ac05e74ac7269cfee894332dcb3a3bb5b6c185fb394c0fcdfec88a584cfc1484726fb520f23dd05b443b28c39875649bf43929d5b1acd0345bae37059a4ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40129.exe

Filesize
468KB

MD5
5e8a54a4fc173943f60da8dd12c19dfa

SHA1
c40e166ae60b272a732d7010108530724b990aef

SHA256
29d702d4dbf9afc7bb4eabafdbe0ec6b95aa102d8b2ee505dd5693b77c439e8f

SHA512
d145bf33416a431c7ead1320d2e07120aa3b3f0ef89e148d7eee21766e8af2a14c9f354b3b91f63b40b98452654081769843c568abb1a77b4398f2561e68d35e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42326.exe

Filesize
468KB

MD5
9f20e636ce3e5253c959cc74de7404bb

SHA1
f7c9b48c1077e5824b9468a3f25a5e0e7948c1ff

SHA256
ac75af38af660a8a8dbece7a568265c83f40deb69442a6ed146a3df9a800c954

SHA512
b05b8daf41f52e25b86d1a93827b3dc45374f906307c2c9aaed87a17c7880dba34b7df142a68eb5712608283bc8465eeeb7213da809217b3eeef1b4a07d6d790

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe

Filesize
468KB

MD5
8364e67d8068e08b73b97cc7ad08348e

SHA1
70ed77b9631fb4b66c6e7e3a4f593be8dc262efa

SHA256
1edb9c58450d2b46121c7b43c680b96fb32ee495da39d76c169036b0315d2ed7

SHA512
c8c0c2e1332e43c153487b2bdef0bc52c19f0e8e3dfeb5cfec2e215915a9a35b959b909cb20b2826754674f009487ac9863c9ebc6e0a323b0bd4cbf43d754b4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62259.exe

Filesize
468KB

MD5
e979c7780ad8ceb1e85656a011dda4c4

SHA1
938cfd5ee70e3476ec2d71f2d8bda81221f554be

SHA256
0921f2d5fb80fbb36dd78ef7fbc61b9bb68f89ca3441655f61b77411d6f40316

SHA512
ec4c337dbaf60b60e9d466ddff402d617d74a2eb0019dedd98700fb05c0c42ff8826fa547d8bd6fc49df7e0b1e74a648c389b7f4fa6083d736c35b185de3c233

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20965.exe

Filesize
468KB

MD5
2af745bd9a86f8e7f684f32bb048d23e

SHA1
ecd5d63befeb3ba4bcfcae35b285a8d1e3a047f5

SHA256
666284038d251ce1da87871a0a2a489dcf6074ae3c1df68e2be57fb8d95cb3cb

SHA512
5acb539f23f31decdd67ba195a3f2181c342dd8b03fa76799b8eb90f22cad57824f4143521835d17a5a64a2ac1d136b5915a11cb46f685983715addea3a48742

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe

Filesize
468KB

MD5
75290ecfac7e2269edbab704d60311f8

SHA1
0fb8516cea1ecb360074484cad32a5e86d007905

SHA256
9bf4a1005b1e90598dcfd38ab6333c797f672d33ea3745c82d70bd5704b0c8f4

SHA512
5ed30bc53b8cf040298a2eb157311869e81682d122057332fac337e126dcfad6fddda6aa0faa8db260771cb713e24c797b35cc802ac8eaeabfdf9ad7d966d207

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe

Filesize
468KB

MD5
edb1b7d7d02d8f91749f9e1df17f575e

SHA1
a88d9d12db3e081ca1817d7a09e49389e076dd23

SHA256
04cab7f29e7b1a7061b6584b5d97ca366205086042e8bd052cd212b7aeaa76c5

SHA512
b868b01b5a4f008cbc21d4103ecf245b3423cac6e62056efc81c7c1e6f74463ea77876afe7a600a3694f8dde5737261cfedbcc563b46b18f71406a8f3b99913f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30793.exe

Filesize
468KB

MD5
2d155221fc7fc23495613e70b7360131

SHA1
e87f1fd625f6bc736ea58b81858ef96a8bcb9412

SHA256
1e2735722808133740f59e0472bf9dd6295deae64cfceb814ccaaa82505c9fe5

SHA512
15a90cb7e24c967abe519cf932e2ca424fff9b24af391cf1cdf261ff253ae5ccc5a81329c4312e83c48ed3d716f80a7e7752a38aecf650e3a0960d1467335c73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe

Filesize
468KB

MD5
35ee51a6ee7a6cb35b90fac4f464103c

SHA1
2343fb297578a526e86e15f6d434a6296d93b437

SHA256
515c3b2dc32e076a1cd3269dcc7b75982e3349baba032051d8d74e7c89716804

SHA512
65ffdab4226a7e679b8e1625856924aad32fdaa6be0585df1aace111dc90eb9b280c204cde1a98b825751fd282b0554185c0f21298efc0ace9836be79383f1c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37591.exe

Filesize
468KB

MD5
64c1306a85c2a587b05dc2aba53a5615

SHA1
4ae5fa2494e0f170cf3144a9fefc64790564d85d

SHA256
7d22c7b8bd9b07bfbaf1751b73b5a4f323001d7015351e2cbe94e8a750b03e5b

SHA512
90fd0b0b4e8faa6a9fbc1edc813527a43921581849b840e18e0d267a5613f6004879a20dd63fe0c7ada5baa203f2c718d40a77c7b3ccda216872a51085380f9f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe

Filesize
468KB

MD5
216290546f05b9a51c60c90d888954c6

SHA1
23c0736a93b4b8ebc700e0f3c2dcee9dc386db0f

SHA256
7b44ed1f52c2cf8f64f8fe4b9a9cf9d7aba587ca40eb615cb412e404ba63c2c7

SHA512
b43151b92ed0d65716f5c253f207bafee6083151f498820af60e32f9515ba52bc6326662235e1de5d710966914c85332a8088ee6c101881c9b6c6cea5ed9490f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe

Filesize
468KB

MD5
4e03226d5e1a9ec8f65295dbf2457338

SHA1
958c36cd0674e5f2a8a3553dbe52deb3d6c5115c

SHA256
1317140d84dd13d03873505cf39450422db7e90884e1f20ebc0dc56e57f88b04

SHA512
562c3225e8b6a6b105381c591b1b9fa67a52cada78b0e9c52a0187be9af9284de574abcbf639235cd8c4c8b8165746b09821383d553a8ca4c4cd13eca8103316

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61657.exe

Filesize
468KB

MD5
aff7fbe85382fc50c917f95120e481c4

SHA1
a89f97637b72812f8f6d15b5a6b58998e4f5c7d1

SHA256
11f9f5ff599966b8e432ba0b0db9a825cb48f7fa7d990e956e56c500676e4efe

SHA512
6b9f83abbbdd12493d9f5aa34273d2eb60432fd7340d68e45728d4e8e6938b08582075aa3a0433b5036b52316d6482b82196cadb38b05809bbb792ed4dd2ade8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe

Filesize
468KB

MD5
7e194637ec718ce33eaccf2094158b4f

SHA1
656fbe3507ba511f36655a4d75ac0547c45330ea

SHA256
7979622a3fd91e7484642e99af36ea5064cceef0ba4d23c64ef1d7b90b4c42f8

SHA512
fde64c5c59cb58f1b88689c5e54b224d4646f92859084d53b13b687b24b7d6e65b0eb7e109c3d85096a9d6d5f5ccfbc24599558c03eaf98f84ecccb8a7fe1e7b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-715.exe

Filesize
468KB

MD5
33303a7a3ebe257c3faff62e41e0f102

SHA1
c8157193474353cb3ab2290b5157a921171e4f45

SHA256
44532c32a8b7580bed4842713cdc8bc77615509ee792ddd0592d557347e3c711

SHA512
e6efce2f55870fa9686cae0462da8bec7a09e69d6fdaeca08f2df161c6b3c2b8c449a27ab42a9cbba1cf2218abb312cc9261b0870f0fb5555e15e79a2aa2186f

Download Submit