823ddc0210480b364c298ab5fba0ceaceb54c8da2d4052c16ca0c63c1d4604e8

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 05:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c664d74e951b21852e9308e679537b0N.exe
Size

468KB
MD5

8c664d74e951b21852e9308e679537b0
SHA1

79de7f1a618decc139c8f098e2d7b13e1ceebb99
SHA256

823ddc0210480b364c298ab5fba0ceaceb54c8da2d4052c16ca0c63c1d4604e8
SHA512

2b73e482a9461178b45a9e79177772d3888022b3fae4269a2aa02ebb37b506848e831bc7d0a60d038d4eb1a50e36e1545d939a2edca4e80fdf6c08a7c5d8dec0
SSDEEP

3072:1G3HogISIE5TtbY2HncOcf8/vChaP0p2JVHe+VPMQ7NLAK6gEVlr:1G3obMTtxHcOcfSYHpQ7pv6gE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1772	Unicorn-37677.exe
2340	Unicorn-64615.exe
2164	Unicorn-36581.exe
2752	Unicorn-60936.exe
1152	Unicorn-21941.exe
3000	Unicorn-28072.exe
2624	Unicorn-8206.exe
2056	Unicorn-23106.exe
1484	Unicorn-3048.exe
2088	Unicorn-30013.exe
2776	Unicorn-40028.exe
484	Unicorn-41362.exe
700	Unicorn-5544.exe
912	Unicorn-19279.exe
2084	Unicorn-45119.exe
2324	Unicorn-41397.exe
448	Unicorn-51087.exe
2568	Unicorn-20836.exe
2852	Unicorn-9478.exe
2980	Unicorn-16692.exe
2432	Unicorn-44974.exe
1592	Unicorn-20470.exe
1668	Unicorn-55534.exe
952	Unicorn-39420.exe
2292	Unicorn-45550.exe
1804	Unicorn-50703.exe
1840	Unicorn-25492.exe
1040	Unicorn-36925.exe
1504	Unicorn-41497.exe
2680	Unicorn-24454.exe
1244	Unicorn-44320.exe
2440	Unicorn-62694.exe
2904	Unicorn-60656.exe
2804	Unicorn-334.exe
2728	Unicorn-3863.exe
2796	Unicorn-44439.exe
2636	Unicorn-2711.exe
2888	Unicorn-7350.exe
2764	Unicorn-10687.exe
2664	Unicorn-2326.exe
872	Unicorn-27792.exe
1084	Unicorn-46663.exe
496	Unicorn-25496.exe
2928	Unicorn-8967.exe
2844	Unicorn-21473.exe
2364	Unicorn-21473.exe
2564	Unicorn-50576.exe
2016	Unicorn-306.exe
2448	Unicorn-24619.exe
1012	Unicorn-18488.exe
1712	Unicorn-45786.exe
848	Unicorn-14728.exe
2148	Unicorn-15490.exe
2264	Unicorn-25696.exe
2108	Unicorn-31827.exe
2516	Unicorn-40306.exe
3028	Unicorn-63186.exe
1540	Unicorn-43320.exe
908	Unicorn-31090.exe
1732	Unicorn-24767.exe
528	Unicorn-55402.exe
3048	Unicorn-1712.exe
2868	Unicorn-21578.exe
1596	Unicorn-6786.exe

Loads dropped DLL 64 IoCs

pid	Process
2684	8c664d74e951b21852e9308e679537b0N.exe
2684	8c664d74e951b21852e9308e679537b0N.exe
1772	Unicorn-37677.exe
2684	8c664d74e951b21852e9308e679537b0N.exe
1772	Unicorn-37677.exe
2684	8c664d74e951b21852e9308e679537b0N.exe
2340	Unicorn-64615.exe
2340	Unicorn-64615.exe
2684	8c664d74e951b21852e9308e679537b0N.exe
2684	8c664d74e951b21852e9308e679537b0N.exe
2164	Unicorn-36581.exe
1772	Unicorn-37677.exe
1772	Unicorn-37677.exe
2164	Unicorn-36581.exe
2752	Unicorn-60936.exe
2752	Unicorn-60936.exe
2340	Unicorn-64615.exe
2340	Unicorn-64615.exe
1152	Unicorn-21941.exe
1152	Unicorn-21941.exe
2684	8c664d74e951b21852e9308e679537b0N.exe
2684	8c664d74e951b21852e9308e679537b0N.exe
2624	Unicorn-8206.exe
2624	Unicorn-8206.exe
1772	Unicorn-37677.exe
2164	Unicorn-36581.exe
2164	Unicorn-36581.exe
1772	Unicorn-37677.exe
2012	WerFault.exe
2012	WerFault.exe
2012	WerFault.exe
2012	WerFault.exe
2012	WerFault.exe
2056	Unicorn-23106.exe
2056	Unicorn-23106.exe
2752	Unicorn-60936.exe
2752	Unicorn-60936.exe
1484	Unicorn-3048.exe
1484	Unicorn-3048.exe
2340	Unicorn-64615.exe
2340	Unicorn-64615.exe
2776	Unicorn-40028.exe
2776	Unicorn-40028.exe
2684	8c664d74e951b21852e9308e679537b0N.exe
2684	8c664d74e951b21852e9308e679537b0N.exe
484	Unicorn-41362.exe
484	Unicorn-41362.exe
700	Unicorn-5544.exe
700	Unicorn-5544.exe
2624	Unicorn-8206.exe
2624	Unicorn-8206.exe
2164	Unicorn-36581.exe
2164	Unicorn-36581.exe
2088	Unicorn-30013.exe
2088	Unicorn-30013.exe
912	Unicorn-19279.exe
912	Unicorn-19279.exe
1152	Unicorn-21941.exe
1152	Unicorn-21941.exe
1772	Unicorn-37677.exe
1772	Unicorn-37677.exe
2084	Unicorn-45119.exe
2084	Unicorn-45119.exe
2056	Unicorn-23106.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2012	3000	WerFault.exe	35
2096	1084	WerFault.exe	73
2708	496	WerFault.exe	74
2828	2844	WerFault.exe	77
2608	2904	WerFault.exe	64
1876	2148	WerFault.exe	84
668	2868	WerFault.exe	94
1344	2228	WerFault.exe	113
852	2364	WerFault.exe	76
2836	2780	WerFault.exe	101
2224	2980	WerFault.exe	51
844	2888	WerFault.exe	69
552	2928	WerFault.exe	75
3184	1352	WerFault.exe	108
3172	2492	WerFault.exe	98
3156	1108	WerFault.exe	114
3148	2972	WerFault.exe	115
3200	1616	WerFault.exe	144
3700	2016	WerFault.exe	79
3372	2264	WerFault.exe	85
3460	2336	WerFault.exe	117
3472	2004	WerFault.exe	131
3624	892	WerFault.exe	121
3612	888	WerFault.exe	120
3608	2356	WerFault.exe	140
3552	1756	WerFault.exe	119
3856	1712	WerFault.exe	82
3344	528	WerFault.exe	92
3332	2824	WerFault.exe	100
3876	1244	WerFault.exe	62
3380	1444	WerFault.exe	109
4092	2632	WerFault.exe	103
4148	2636	WerFault.exe	68
4160	2728	WerFault.exe	66
4128	2764	WerFault.exe	70
4120	1988	WerFault.exe	106
4112	2508	WerFault.exe	96
4204	2864	WerFault.exe	146
4264	1036	WerFault.exe	148
4884	484	WerFault.exe	43
4872	2092	WerFault.exe	111
4940	2832	WerFault.exe	102
4932	608	WerFault.exe	116
4924	2276	WerFault.exe	136
4356	848	WerFault.exe	83
4412	1804	WerFault.exe	57
4388	1592	WerFault.exe	53
4380	952	WerFault.exe	55
4500	2796	WerFault.exe	67
4488	2292	WerFault.exe	56
4516	1732	WerFault.exe	91
4480	2564	WerFault.exe	78
4472	1668	WerFault.exe	54
4724	2164	WerFault.exe	32
4680	2088	WerFault.exe	40
4648	1512	WerFault.exe	112
4636	2572	WerFault.exe	150
4564	1656	WerFault.exe	138
4544	2328	WerFault.exe	122
4520	2876	WerFault.exe	143
5184	1544	WerFault.exe	139
5196	1164	WerFault.exe	141
5344	1328	WerFault.exe	132
5356	1840	WerFault.exe	58

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11756.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48578.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30504.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46316.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2684	8c664d74e951b21852e9308e679537b0N.exe
1772	Unicorn-37677.exe
2340	Unicorn-64615.exe
2164	Unicorn-36581.exe
2752	Unicorn-60936.exe
1152	Unicorn-21941.exe
3000	Unicorn-28072.exe
2624	Unicorn-8206.exe
2056	Unicorn-23106.exe
1484	Unicorn-3048.exe
2776	Unicorn-40028.exe
484	Unicorn-41362.exe
912	Unicorn-19279.exe
2088	Unicorn-30013.exe
700	Unicorn-5544.exe
2084	Unicorn-45119.exe
2324	Unicorn-41397.exe
448	Unicorn-51087.exe
2568	Unicorn-20836.exe
2852	Unicorn-9478.exe
2980	Unicorn-16692.exe
2432	Unicorn-44974.exe
1592	Unicorn-20470.exe
1804	Unicorn-50703.exe
2292	Unicorn-45550.exe
1840	Unicorn-25492.exe
1668	Unicorn-55534.exe
952	Unicorn-39420.exe
1040	Unicorn-36925.exe
1504	Unicorn-41497.exe
2680	Unicorn-24454.exe
1244	Unicorn-44320.exe
2440	Unicorn-62694.exe
2904	Unicorn-60656.exe
2728	Unicorn-3863.exe
2804	Unicorn-334.exe
2796	Unicorn-44439.exe
2636	Unicorn-2711.exe
2764	Unicorn-10687.exe
2888	Unicorn-7350.exe
2664	Unicorn-2326.exe
872	Unicorn-27792.exe
1084	Unicorn-46663.exe
496	Unicorn-25496.exe
2928	Unicorn-8967.exe
2844	Unicorn-21473.exe
2364	Unicorn-21473.exe
2564	Unicorn-50576.exe
2016	Unicorn-306.exe
2448	Unicorn-24619.exe
1012	Unicorn-18488.exe
1712	Unicorn-45786.exe
2148	Unicorn-15490.exe
848	Unicorn-14728.exe
2516	Unicorn-40306.exe
2108	Unicorn-31827.exe
2264	Unicorn-25696.exe
3028	Unicorn-63186.exe
1540	Unicorn-43320.exe
908	Unicorn-31090.exe
1732	Unicorn-24767.exe
528	Unicorn-55402.exe
3048	Unicorn-1712.exe
2868	Unicorn-21578.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 1772	2684	8c664d74e951b21852e9308e679537b0N.exe	30
PID 2684 wrote to memory of 1772	2684	8c664d74e951b21852e9308e679537b0N.exe	30
PID 2684 wrote to memory of 1772	2684	8c664d74e951b21852e9308e679537b0N.exe	30
PID 2684 wrote to memory of 1772	2684	8c664d74e951b21852e9308e679537b0N.exe	30
PID 1772 wrote to memory of 2340	1772	Unicorn-37677.exe	31
PID 1772 wrote to memory of 2340	1772	Unicorn-37677.exe	31
PID 1772 wrote to memory of 2340	1772	Unicorn-37677.exe	31
PID 1772 wrote to memory of 2340	1772	Unicorn-37677.exe	31
PID 2684 wrote to memory of 2164	2684	8c664d74e951b21852e9308e679537b0N.exe	32
PID 2684 wrote to memory of 2164	2684	8c664d74e951b21852e9308e679537b0N.exe	32
PID 2684 wrote to memory of 2164	2684	8c664d74e951b21852e9308e679537b0N.exe	32
PID 2684 wrote to memory of 2164	2684	8c664d74e951b21852e9308e679537b0N.exe	32
PID 2340 wrote to memory of 2752	2340	Unicorn-64615.exe	33
PID 2340 wrote to memory of 2752	2340	Unicorn-64615.exe	33
PID 2340 wrote to memory of 2752	2340	Unicorn-64615.exe	33
PID 2340 wrote to memory of 2752	2340	Unicorn-64615.exe	33
PID 2684 wrote to memory of 1152	2684	8c664d74e951b21852e9308e679537b0N.exe	34
PID 2684 wrote to memory of 1152	2684	8c664d74e951b21852e9308e679537b0N.exe	34
PID 2684 wrote to memory of 1152	2684	8c664d74e951b21852e9308e679537b0N.exe	34
PID 2684 wrote to memory of 1152	2684	8c664d74e951b21852e9308e679537b0N.exe	34
PID 1772 wrote to memory of 2624	1772	Unicorn-37677.exe	36
PID 1772 wrote to memory of 2624	1772	Unicorn-37677.exe	36
PID 1772 wrote to memory of 2624	1772	Unicorn-37677.exe	36
PID 1772 wrote to memory of 2624	1772	Unicorn-37677.exe	36
PID 2164 wrote to memory of 3000	2164	Unicorn-36581.exe	35
PID 2164 wrote to memory of 3000	2164	Unicorn-36581.exe	35
PID 2164 wrote to memory of 3000	2164	Unicorn-36581.exe	35
PID 2164 wrote to memory of 3000	2164	Unicorn-36581.exe	35
PID 2752 wrote to memory of 2056	2752	Unicorn-60936.exe	38
PID 2752 wrote to memory of 2056	2752	Unicorn-60936.exe	38
PID 2752 wrote to memory of 2056	2752	Unicorn-60936.exe	38
PID 2752 wrote to memory of 2056	2752	Unicorn-60936.exe	38
PID 2340 wrote to memory of 1484	2340	Unicorn-64615.exe	39
PID 2340 wrote to memory of 1484	2340	Unicorn-64615.exe	39
PID 2340 wrote to memory of 1484	2340	Unicorn-64615.exe	39
PID 2340 wrote to memory of 1484	2340	Unicorn-64615.exe	39
PID 1152 wrote to memory of 2088	1152	Unicorn-21941.exe	40
PID 1152 wrote to memory of 2088	1152	Unicorn-21941.exe	40
PID 1152 wrote to memory of 2088	1152	Unicorn-21941.exe	40
PID 1152 wrote to memory of 2088	1152	Unicorn-21941.exe	40
PID 2684 wrote to memory of 2776	2684	8c664d74e951b21852e9308e679537b0N.exe	41
PID 2684 wrote to memory of 2776	2684	8c664d74e951b21852e9308e679537b0N.exe	41
PID 2684 wrote to memory of 2776	2684	8c664d74e951b21852e9308e679537b0N.exe	41
PID 2684 wrote to memory of 2776	2684	8c664d74e951b21852e9308e679537b0N.exe	41
PID 3000 wrote to memory of 2012	3000	Unicorn-28072.exe	42
PID 3000 wrote to memory of 2012	3000	Unicorn-28072.exe	42
PID 3000 wrote to memory of 2012	3000	Unicorn-28072.exe	42
PID 3000 wrote to memory of 2012	3000	Unicorn-28072.exe	42
PID 2624 wrote to memory of 484	2624	Unicorn-8206.exe	43
PID 2624 wrote to memory of 484	2624	Unicorn-8206.exe	43
PID 2624 wrote to memory of 484	2624	Unicorn-8206.exe	43
PID 2624 wrote to memory of 484	2624	Unicorn-8206.exe	43
PID 2164 wrote to memory of 700	2164	Unicorn-36581.exe	45
PID 2164 wrote to memory of 700	2164	Unicorn-36581.exe	45
PID 2164 wrote to memory of 700	2164	Unicorn-36581.exe	45
PID 2164 wrote to memory of 700	2164	Unicorn-36581.exe	45
PID 1772 wrote to memory of 912	1772	Unicorn-37677.exe	44
PID 1772 wrote to memory of 912	1772	Unicorn-37677.exe	44
PID 1772 wrote to memory of 912	1772	Unicorn-37677.exe	44
PID 1772 wrote to memory of 912	1772	Unicorn-37677.exe	44
PID 2056 wrote to memory of 2084	2056	Unicorn-23106.exe	46
PID 2056 wrote to memory of 2084	2056	Unicorn-23106.exe	46
PID 2056 wrote to memory of 2084	2056	Unicorn-23106.exe	46
PID 2056 wrote to memory of 2084	2056	Unicorn-23106.exe	46

C:\Users\Admin\AppData\Local\Temp\8c664d74e951b21852e9308e679537b0N.exe
"C:\Users\Admin\AppData\Local\Temp\8c664d74e951b21852e9308e679537b0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37677.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37677.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64615.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64615.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23106.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45119.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41497.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63186.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        9⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
        10⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 248
        10⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19284.exe
        9⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 244
        9⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61396.exe
        8⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9558.exe
        9⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39846.exe
        9⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35373.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        9⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40228.exe
        8⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        8⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        8⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32139.exe
        8⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
        8⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15532.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        9⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12229.exe
        10⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32592.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 248
        9⤵
        Program crash
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49606.exe
        8⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62712.exe
        9⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41977.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43974.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13944.exe
        8⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 248
        8⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34290.exe
        7⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48792.exe
        8⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 248
        8⤵
        Program crash
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
        7⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 244
        7⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24454.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31090.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46316.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        9⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8622.exe
        9⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16582.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 220
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
        7⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61824.exe
        8⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55187.exe
        8⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27856.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9605.exe
        7⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62619.exe
        7⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
        7⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 248
        7⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24767.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
        7⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        8⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 228
        8⤵
        Program crash
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        7⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 244
        7⤵
        Program crash
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9221.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
        7⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 248
        7⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        6⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
        6⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
        6⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58950.exe
        6⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
        6⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
        6⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55402.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14027.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38936.exe
        9⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        9⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16805.exe
        9⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 228
        8⤵
        Program crash
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2714.exe
        7⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
        8⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57901.exe
        8⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46328.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 244
        7⤵
        Program crash
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1712.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        7⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-145.exe
        8⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27319.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 224
        8⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51656.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27890.exe
        7⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
        7⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40186.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        7⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44746.exe
        7⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
        7⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52912.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
        6⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49375.exe
        6⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
        6⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
        6⤵
        
        PID:7508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62694.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48578.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13918.exe
        7⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        8⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 248
        8⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28926.exe
        7⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24465.exe
        7⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39631.exe
        7⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
        7⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
        7⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        6⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34362.exe
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        7⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17088.exe
        6⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exe
        6⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30472.exe
        6⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        6⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39917.exe
        6⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6211.exe
        5⤵
        
        PID:2492
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 244
        6⤵
        Program crash
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65284.exe
        5⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        6⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36788.exe
        6⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        5⤵
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
        5⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21392.exe
        5⤵
        
        PID:7364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3048.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51087.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60656.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 244
        7⤵
        Program crash
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
        6⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
        7⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41612.exe
        8⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21521.exe
        8⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
        7⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62037.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        7⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36526.exe
        7⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26992.exe
        7⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10523.exe
        6⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64279.exe
        7⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
        7⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-979.exe
        6⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48384.exe
        6⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38785.exe
        6⤵
        
        PID:6172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 248
        6⤵
        
        PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21578.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 224
        7⤵
        Program crash
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2714.exe
        6⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63819.exe
        7⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        7⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 224
        7⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
        6⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58260.exe
        6⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-374.exe
        6⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1242.exe
        6⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5962.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59253.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9304.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 228
        7⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10348.exe
        6⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2810.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
        6⤵
        
        PID:1628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 220
        6⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19818.exe
        5⤵
        
        PID:276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60295.exe
        6⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59685.exe
        6⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        6⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
        5⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8555.exe
        5⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-904.exe
        5⤵
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        5⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44633.exe
        5⤵
        
        PID:7528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39004.exe
        6⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 224
        7⤵
        Program crash
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
        6⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13199.exe
        7⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
        7⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
        7⤵
        
        PID:8532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 244
        6⤵
        Program crash
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4613.exe
        5⤵
        
        PID:1756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 244
        6⤵
        Program crash
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46486.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58208.exe
        5⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55179.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63416.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
        5⤵
        
        PID:7216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44439.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16804.exe
        5⤵
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24490.exe
        6⤵
        
        PID:3908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 228
        6⤵
        
        PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46264.exe
        5⤵
        
        PID:3828
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 244
        5⤵
        Program crash
        
        PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31692.exe
      4⤵
      PID:892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 224
        5⤵
        Program crash
        
        PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29262.exe
      4⤵
      PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50073.exe
      4⤵
      PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
      4⤵
      PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53615.exe
      4⤵
      PID:7108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
      4⤵
      PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13303.exe
      4⤵
      PID:6928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8206.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41362.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44974.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27792.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
        7⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        8⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 224
        9⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 248
        8⤵
        Program crash
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33274.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54888.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        8⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 244
        8⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65391.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33756.exe
        7⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 244
        7⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        6⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 244
        7⤵
        Program crash
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7788.exe
        6⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62198.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 228
        7⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48527.exe
        6⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21665.exe
        6⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
        6⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18386.exe
        6⤵
        
        PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 240
        6⤵
        Program crash
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24513.exe
        5⤵
        
        PID:1108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 244
        6⤵
        Program crash
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16388.exe
        5⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        6⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29881.exe
        6⤵
        
        PID:8560
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 240
        5⤵
        Program crash
        
        PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55534.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48324.exe
        6⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47873.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        8⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
        8⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
        7⤵
        Program crash
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46648.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28530.exe
        7⤵
        
        PID:7860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 224
        6⤵
        Program crash
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60555.exe
        5⤵
        
        PID:608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        6⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8020
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 228
        6⤵
        Program crash
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47419.exe
        6⤵
        
        PID:7320
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 248
        5⤵
        Program crash
        
        PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26913.exe
        5⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        6⤵
        
        PID:3232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 228
        6⤵
        Program crash
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        5⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37773.exe
        5⤵
        
        PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48675.exe
        5⤵
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11180.exe
        5⤵
        
        PID:8128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
      4⤵
      PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58335.exe
        5⤵
        
        PID:3880
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 216
        5⤵
        Program crash
        
        PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe
      4⤵
      PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29638.exe
      4⤵
      PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
      4⤵
      PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
      4⤵
      PID:8156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19279.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50703.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14883.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 224
        7⤵
        Program crash
        
        PID:3148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 248
        6⤵
        Program crash
        
        PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
        5⤵
        
        PID:888
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 244
        6⤵
        Program crash
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
        5⤵
        
        PID:3936
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 248
        5⤵
        Program crash
        
        PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21473.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 244
        5⤵
        Program crash
        
        PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62972.exe
      4⤵
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33125.exe
        5⤵
        
        PID:3944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 228
        5⤵
        
        PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31049.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49543.exe
      4⤵
      PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
      4⤵
      PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14944.exe
      4⤵
      PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64203.exe
      4⤵
      PID:7956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36839.exe
      4⤵
      PID:7308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36925.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15018.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        6⤵
        
        PID:4076
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 228
        6⤵
        
        PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13643.exe
        5⤵
        
        PID:3988
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 244
        5⤵
        
        PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61074.exe
      4⤵
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        5⤵
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 228
        6⤵
        
        PID:7600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3161.exe
        5⤵
        
        PID:4272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 244
        5⤵
        
        PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
      4⤵
      PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48327.exe
        5⤵
        
        PID:7476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        5⤵
        
        PID:8384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
      4⤵
      PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40792.exe
      4⤵
      PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45417.exe
      4⤵
      PID:6240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22527.exe
      4⤵
      PID:7352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14728.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22398.exe
      4⤵
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
        5⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46444.exe
        5⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
        5⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
        5⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        5⤵
        
        PID:8144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
      4⤵
      PID:3384
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
      4⤵
      Program crash
      PID:4356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1447.exe
    3⤵
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56041.exe
      4⤵
      PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23299.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7420
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 228
      4⤵
      Program crash
      PID:4924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
    3⤵
    PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36400.exe
      4⤵
      PID:8716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28542.exe
    3⤵
    PID:4552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28843.exe
    3⤵
    PID:5736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exe
    3⤵
    PID:6156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35332.exe
    3⤵
    PID:7928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60640.exe
    3⤵
    PID:7668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36581.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36581.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28072.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3000
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 224
        6⤵
        Program crash
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57021.exe
        5⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31314.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        6⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57979.exe
        6⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
        6⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19666.exe
        6⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46639.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25183.exe
        5⤵
        
        PID:3412
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 248
        5⤵
        Program crash
        
        PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21473.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39964.exe
        5⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
        6⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23996.exe
        7⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11756.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        6⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
        6⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9039.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
        6⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63007.exe
        6⤵
        
        PID:7992
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 248
        5⤵
        Program crash
        
        PID:852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42386.exe
      4⤵
      PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21620.exe
        5⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56017.exe
        6⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49380.exe
        6⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
        6⤵
        
        PID:7888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 248
        5⤵
        Program crash
        
        PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5402.exe
      4⤵
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36230.exe
        5⤵
        
        PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25472.exe
        5⤵
        
        PID:7196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51559.exe
        5⤵
        
        PID:7868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39862.exe
      4⤵
      PID:4140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13298.exe
      4⤵
      PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27137.exe
      4⤵
      PID:5640
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 248
      4⤵
      PID:6960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31827.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55968.exe
        5⤵
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41807.exe
        6⤵
        
        PID:3968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 228
        6⤵
        
        PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46124.exe
        5⤵
        
        PID:3748
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 244
        5⤵
        
        PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
      4⤵
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50177.exe
        5⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        6⤵
        
        PID:7764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 248
        5⤵
        Program crash
        
        PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
      4⤵
      PID:4052
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 248
      4⤵
      Program crash
      PID:4380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9486.exe
      4⤵
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
        5⤵
        
        PID:3288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 228
        5⤵
        
        PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14681.exe
      4⤵
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
      4⤵
      PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14414.exe
      4⤵
      PID:932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
      4⤵
      PID:7980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
      4⤵
      PID:7784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27307.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27307.exe
    3⤵
    PID:2004
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 224
      4⤵
      Program crash
      PID:3472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5848.exe
    3⤵
    PID:3440
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 244
    3⤵
    - Program crash
    PID:4724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21941.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21941.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30013.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45550.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-306.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40156.exe
        6⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38392.exe
        7⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 248
        7⤵
        Program crash
        
        PID:4648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 248
        6⤵
        Program crash
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
        5⤵
        
        PID:2336
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
        6⤵
        Program crash
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59999.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        6⤵
        
        PID:8268
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 248
        5⤵
        Program crash
        
        PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26913.exe
        5⤵
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55678.exe
        6⤵
        
        PID:4072
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 216
        6⤵
        Program crash
        
        PID:5184
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
        5⤵
        Program crash
        
        PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49838.exe
      4⤵
      PID:2356
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 224
        5⤵
        Program crash
        
        PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
      4⤵
      PID:3676
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 224
      4⤵
      Program crash
      PID:4680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25492.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25492.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2148
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
        5⤵
        Program crash
        
        PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
      4⤵
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
        5⤵
        
        PID:3368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 248
        5⤵
        
        PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18359.exe
      4⤵
      PID:3884
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 236
      4⤵
      Program crash
      PID:5356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25696.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11733.exe
      4⤵
      PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15444.exe
        5⤵
        
        PID:3116
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 228
        5⤵
        Program crash
        
        PID:5344
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
      4⤵
      Program crash
      PID:3372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29725.exe
    3⤵
    PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5942.exe
      4⤵
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        5⤵
        
        PID:7736
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 216
        5⤵
        
        PID:7912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53431.exe
      4⤵
      PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5436.exe
      4⤵
      PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
      4⤵
      PID:6212
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 224
      4⤵
      PID:6260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
    3⤵
    PID:816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
      4⤵
      PID:6724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3544.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39169.exe
    3⤵
    PID:4300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
    3⤵
    PID:6064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58480.exe
    3⤵
    PID:6272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64955.exe
    3⤵
    PID:6236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17251.exe
    3⤵
    PID:8024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2711.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61925.exe
        5⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53607.exe
        6⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
        7⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 224
        7⤵
        
        PID:7540
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 248
        6⤵
        Program crash
        
        PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        5⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28384.exe
        6⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        6⤵
        
        PID:7756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 220
        6⤵
        
        PID:8524
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 244
        5⤵
        Program crash
        
        PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
      4⤵
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30504.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 224
        6⤵
        Program crash
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54349.exe
        5⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
        6⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57192.exe
        5⤵
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2365.exe
        5⤵
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57328.exe
        5⤵
        
        PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        5⤵
        
        PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44058.exe
        5⤵
        
        PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
      4⤵
      PID:2864
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 224
        5⤵
        Program crash
        
        PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exe
      4⤵
      PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57379.exe
      4⤵
      PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12572.exe
      4⤵
      PID:5832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49205.exe
      4⤵
      PID:7100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31070.exe
        5⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9292.exe
        6⤵
        
        PID:8168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60408.exe
        6⤵
        
        PID:7260
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 248
        5⤵
        Program crash
        
        PID:4940
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 248
      4⤵
      Program crash
      PID:844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57001.exe
      4⤵
      PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe
        5⤵
        
        PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37823.exe
        5⤵
        
        PID:7828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
      4⤵
      PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42852.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57249.exe
      4⤵
      PID:6748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6860
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 228
      4⤵
      PID:7356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40317.exe
    3⤵
    PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
      4⤵
      PID:7752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
    3⤵
    PID:4948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23516.exe
    3⤵
    PID:5760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65450.exe
    3⤵
    PID:6656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
    3⤵
    PID:7028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17192.exe
    3⤵
    PID:7644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17276.exe
      4⤵
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23431.exe
        5⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64289.exe
        6⤵
        
        PID:7068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 228
        6⤵
        
        PID:7660
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 248
        5⤵
        Program crash
        
        PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59590.exe
      4⤵
      PID:796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36552.exe
        5⤵
        
        PID:6952
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 224
        5⤵
        
        PID:7776
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 244
      4⤵
      Program crash
      PID:4128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1352
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 224
      4⤵
      Program crash
      PID:3184
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 244
    3⤵
    - Program crash
    PID:2224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38381.exe
    3⤵
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5091.exe
      4⤵
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55080.exe
        5⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14818.exe
        5⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        5⤵
        
        PID:6244
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 248
      4⤵
      Program crash
      PID:4092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33741.exe
    3⤵
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36905.exe
      4⤵
      PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12499.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30331.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
    3⤵
    PID:944
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 248
    3⤵
    PID:6184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54869.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54869.exe
  2⤵
  PID:1236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3934.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3934.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
      4⤵
      PID:7800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43880.exe
      4⤵
      PID:8004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
    3⤵
    PID:4340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
    3⤵
    PID:6072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
    3⤵
    PID:6296
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 244
    3⤵
    PID:6288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44283.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44283.exe
  2⤵
  PID:3088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49588.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
    3⤵
    PID:8620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3360.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3360.exe
  2⤵
  PID:4776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37101.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37101.exe
  2⤵
  PID:5532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7456.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7456.exe
  2⤵
  PID:6460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42352.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42352.exe
  2⤵
  PID:7080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56393.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56393.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:7444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13918.exe

Filesize
468KB

MD5
a49a78387a8fb5e21fc3600f3db92de2

SHA1
0e8ab152d912dcab7507bd114e915021bfb4480e

SHA256
f2c1f83ecdef1be2874941e12d8b7b1e85c8e48a5a07fde1525ef678588890e9

SHA512
2fe273eed5006e122b9bdefb9276b44be3d88bdc5b6cf47bd5621e22f115a7507019a448d45f4efece1e04f2b272da69040ffa2011b96be89fc6f89d3be29335

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21941.exe

Filesize
468KB

MD5
d1f223d869189a29490cfe763b33c440

SHA1
c2d195ab79999390b378876ff82e16a6f61ebebe

SHA256
fd2fe43e32c2c63f6dab726158b59b5567e0539f865584675b6eff124c77d7e1

SHA512
6477dbfa55eff25deadd9598aec0af707c952d42c883c8de760700d14a4d20d2afeb8164bc0363e1cc6a4cae14bde638fbf0c3346e20ed7b3c2d2af06f07f041

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23106.exe

Filesize
468KB

MD5
05069e09565ad5567518f477b8e3a02f

SHA1
424a2a72225fe59820d67cc1c44596ca46972123

SHA256
33afd329611f190fbc6ff18dabbe4fba79865fda507cef7573b355e7db44c940

SHA512
67f81cfe4916fbb272e2b44b885d2077cf11755935044afbac38abc3a75836778dd3e60fd6a86ff75c2b9e8c45c66d764ab4d738ccd61072da7881656f9bb840

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30013.exe

Filesize
468KB

MD5
4736270de6a56819af4bf80e08d5e7b5

SHA1
4041f2e0fe6a58eae181a42b29f3d5eaa2617503

SHA256
2198e51d8ce3af8fc0d8ff8fa638fb4cd8f7fe683aa92d914cba05888711d25c

SHA512
57dd03096cc88b0b2f0fa13db822f0c96dfb4eeff352c28ee688e4840076215dfab18a09f022918f1c4fad389799f1b72e2381afd895d2e36ae10b9dd490f9b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38936.exe

Filesize
468KB

MD5
18d80c16b92bb6e7fa7fe5bdbdf14072

SHA1
e683ea40aed86f9b18a916fff556a7d108085692

SHA256
135a5540ab539521474484b5222714bc1e855cc77a4b9c558b06c3479a259f44

SHA512
452904252c7727fc6556a4e584a616c5f16bd81b8a721d955266b4313de53d04a6db1d27ed8190274a295882534f493a2d75d9b480a2e4f9ecff6f61a23e885f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe

Filesize
468KB

MD5
c8326b23699f56d5b85dffa460735842

SHA1
d2d005d5e49b1737f0936f6af808c43d4bce62a5

SHA256
43ab0fae941f62d634ef27a0b7ddb6d09ccb27270cca870c72cf90635c1dcfe5

SHA512
ec0884f65d791ef9d65a28c3607d517889ab121761536952b1d9a6f855ffad9fc8bebb04f61bb7cc40d89a8afa37b46161a94baa618f83c958bf4fba9418b6f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41362.exe

Filesize
468KB

MD5
010130eac71c58a190f86164cb6e0b84

SHA1
ff03a0bf7239642fe46796f88f0656f558f423e7

SHA256
ed4585b9018e06bca5c1a981207688396d239cedca64627264bb26121aa0d57f

SHA512
10b68c192edd1c19acb005f7d2dd647687d2b2335969b33824675ecc794b17d01116fbcdcaea13f79f1e77505440199d2d8e214cf8659ae02dcd50b3bf5ad619

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52912.exe

Filesize
468KB

MD5
14073e2f22cda6bd4d93fc47e1f56bdd

SHA1
9a6a3eebf73b5ccf12ad614c694d580683f5cb26

SHA256
97acecc5d4adfdf7e30b4459b03fa3229d12ccd6fe1c8385a24ed0b4e85fb476

SHA512
16d50225eb5303f089f627ca6ebab7d1be2156049a0c6e855e5904b7c9a8c33ce745186b335b72d8476274f67be1b33a0d9c8fe866907f781449245d0a27d045

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe

Filesize
468KB

MD5
872b1e0c8c2facaef3f37aac20f162c5

SHA1
1b53e79c6d4b9e03bee0e67b9e6abee2a17180b8

SHA256
dfdc897cb06aa75647f6320e7a8072df823761c99d7c62462479009d0de4d8dd

SHA512
cb866fe412dd8e88bc7b6afeeb631fbb15ecdc9586dc8f516637f8aadba20f21d1ff2ab49f845815db13337b515cc62edb6c0b9f26fda3824138864faa738fdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64289.exe

Filesize
468KB

MD5
05a16775e3ce48c676388a77104d163b

SHA1
814f3976ad7c8486441523425cc73e037287743b

SHA256
c6395f83a03cf2524f9a47d7f96645c4bbde79d284fb38a3e8f478f5c26a6041

SHA512
9412b06b1e97626e605fcf90e45bca3991746fdaa93eedd66f21ba15697b3d05e6ad172e8aa6059e7ff6ad90cb0c281b66fe7bfa3968cf4672845e75110da412

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe

Filesize
468KB

MD5
e997c8643287be6498e2d8bd7a668367

SHA1
4dd9f14debc8d7b997ef049d381803ecbbbb850e

SHA256
abc633ec5b7d8a9902dc3442892d5a47da0994a20624a9d7d910bbeabf7baaf3

SHA512
383e8ad1269a774c71878b2243333154e17eb4aa7ef86da405e6e4349f69a2890437a6a633b14b402028d959ab92faca4326262e1d98154c1c316d9a4dac848a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19279.exe

Filesize
468KB

MD5
1fc4068306cf3b308901fc3ca5502dc9

SHA1
8f2ae55047b8895a6c1f08de6fefa8598d7c45e1

SHA256
45b34b6db44caccce2617131af992ae04a54daca78203c3fcb831be3e179d270

SHA512
2b1062f51f7c19251b5722620cf6a943cae1b8436d64c4f9eb17a17ba19d054bbdefb2f21e083c5fecbf02da4a195c246cd213e63fe752481957f1eca75e5b66

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28072.exe

Filesize
468KB

MD5
1e8cd1744c1367ba679bbc6610bed39f

SHA1
b651a9d3fdea4652afdb5ecfd0ab767102f0acbc

SHA256
0dfc377a8a37bdf1cbed137003c83eb159e3f921f0c8b4efdf9a2b1d0ed5635d

SHA512
53ad43508d62e087b75e0de1b2244558553fb60accea67f6b26fba7b396748b1d0ae2ec91048cade07d5ff3bcab9d066f830c53be8d634e2898d72b62b26c570

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3048.exe

Filesize
468KB

MD5
c3379976555446542eb776c5284e464d

SHA1
e92fc8bda34dde55784cf6ffe494bc86c9fdcd6e

SHA256
670148fde3da0aa38683a3adf3f9465eead3cf1a57b18136b2d772e1c091e1ce

SHA512
21e909088225a8bcefe437ef72d2dd12f06e74031ee6e0751562dadd806fe03fdee74f2bc261911c1d1381c6a538604a3e6a5d1abf20adec7c90db59fe684e00

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36581.exe

Filesize
468KB

MD5
1c23ec1df3f4dc9065deb197e9fa36b6

SHA1
0921a4d0129fc606a1f034f4728d99beccd78edd

SHA256
8e3e103530521c0b57d0264a55c98be4bad2b97d4c29498167be0da72928fa87

SHA512
3909afab989ddf35fc3a09c9a0302e4e5b28789525a43d7a98095ba15137392573a92d1b9953f3348ffb12d80ed16b76148113a9107c34328b16b72322f57258

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37677.exe

Filesize
468KB

MD5
73145e06c059227f1465bdfbd1153ee7

SHA1
c314c4119082d0eb8ce62b7c4b7e087fe70c52c4

SHA256
d66bafb908000d2ebdad3b84a337f53504b2fa52e0f2e769318b7ac9bdaffd29

SHA512
7181ca25cc9df7d5617c829aa1d89d6e887a5eca2d0c4d6deebc0dbb5aa3d1374b710fc421718deb6826d781f45ba575010c31bad00f4c157304d0fbf6ea5ca8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe

Filesize
468KB

MD5
23de2fc895d627a3b26f5bf915da4fc0

SHA1
db0e294f135000c71818227f93eb86349692fb30

SHA256
0d10961588dda71384b89580c324a2a01b0595f58e049ba095d106f532586fff

SHA512
8d9d3d3d9176119bf2755454c0e566d3f21ae6ee54863c49980531bb56589a39c4e1198930d8f81698bf052eb0a2d82bb5576d2c285d4ace7472b41fc8a04be6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45119.exe

Filesize
468KB

MD5
3853e4829a3461f818780ffd0d800c08

SHA1
68a1dc5bb5ad6a83ed0880c1d8e157814d1df430

SHA256
5c773cb170839a8312a651873482caeb19040cc0a728248a56d1cdf083d70fbc

SHA512
b0c71c0bd4d778bbc9a723a8accd4bf5b3d204d7e953c19325935b9301e47984300fd42590ab8e8e233a3a63060f0f81428d38df414a64f34e6e7a84ebe23001

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51087.exe

Filesize
468KB

MD5
eca743fba271ae59560d20c1eac25f76

SHA1
024a25fd6987bfbeb7250dff685b6f4003afb71a

SHA256
6348ea52be71ec73a353b3365f62d23ca7ddddbe6a0fba6771f0a689d51926af

SHA512
16ca9c866f24e72b44fe1a5f4a52c66c6e0e23238f98a65255b8f16268f9b2da5a3f825942d410d8ac46c2890373b695a7d94694ef0ed16a3cc61e306bdf7686

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe

Filesize
468KB

MD5
9d353fe9fa9196910dbb4b5c7d9a7d16

SHA1
dccd49c3631baf9cb2f450afbfc3c8e90e8c103a

SHA256
bcd4de4464dffd7223b8ca09e08bbd5fc3b0a1eb1ae5b9295fcd49ec04cbdb27

SHA512
b227eaf5c5f83884747485c2e62f51f81d5657953b23ebfc7c24f3699d55d3511f0e0526a3e8f19787d0606548044adc1c4af948f5f770f6bc6fec5881b64e45

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64615.exe

Filesize
468KB

MD5
ce1e62982056eac8078c95e1a1436167

SHA1
3d990fe4569dd5154f2d74ce7f73fe750a42168b

SHA256
0cefd606bd3110d92e1e834fd09b16178b6038a78a002fae41b54a067a617717

SHA512
66ff5d796af4939dc17cd81297b3f9847fdc0ede5a562416e363eb296d2ff3328999e1101c312374e56308646b3e6a00e041f3f38f3dc387b73e79975bf8245f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8206.exe

Filesize
468KB

MD5
161fcd5644f204e8ffd87db9c91589f4

SHA1
d7890e0e38415df76fd4332ebab4003d6314607e

SHA256
f8fcbfe6bf4702dc833e7a562d47cb8c348597652d3f976ab2471fac47329021

SHA512
e250a5fb9ae92ba2c8346f487bdafbf219cf0ffd9ffeeb7f52871ffd35a088121c6db0b97bcdaf38a771e0e254e41278837e17212765a092465f140d9b300ec4

Download Submit