9b6d8908303c1bf1cd8558e644328528d1c258503c5868365dbe17152a6ea3a9

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-09-2024 08:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66c6ed8ef5d273a9d8a874129f770010N.exe
Size

468KB
MD5

66c6ed8ef5d273a9d8a874129f770010
SHA1

23c23fe0cfcd0c4ebc80460893947c99a623905d
SHA256

9b6d8908303c1bf1cd8558e644328528d1c258503c5868365dbe17152a6ea3a9
SHA512

8d866db9a59ab8f3d2ee5f76f97130dc7e8f74d682dc5df3eed4f8826bdd5452cb735ac2c46bafaa6403a22fe9f4a2b9eca4efd0f5055fafbbda273c3e49e522
SSDEEP

3072:CG3HogISIE5TtbY2HncOcf8/vChaP0pAJVHbTVPDa78L67vgEXl0:CG3obMTtxHcOcfSYkda724vgE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1916	Unicorn-30922.exe
1796	Unicorn-50076.exe
2112	Unicorn-38378.exe
1332	Unicorn-19371.exe
1060	Unicorn-65234.exe
2148	Unicorn-3226.exe
2636	Unicorn-21792.exe
2604	Unicorn-50813.exe
2784	Unicorn-14611.exe
2520	Unicorn-59173.exe
2756	Unicorn-53235.exe
2572	Unicorn-26693.exe
1104	Unicorn-7896.exe
3044	Unicorn-27762.exe
1256	Unicorn-41441.exe
2020	Unicorn-13667.exe
2588	Unicorn-18690.exe
2824	Unicorn-31924.exe
2596	Unicorn-40284.exe
1888	Unicorn-20418.exe
852	Unicorn-34537.exe
1872	Unicorn-32500.exe
1348	Unicorn-34729.exe
1160	Unicorn-3122.exe
1844	Unicorn-22988.exe
780	Unicorn-30585.exe
2076	Unicorn-65089.exe
2912	Unicorn-45224.exe
1748	Unicorn-14746.exe
2184	Unicorn-8221.exe
1580	Unicorn-21220.exe
1688	Unicorn-43883.exe
1904	Unicorn-46113.exe
3068	Unicorn-27739.exe
2424	Unicorn-40737.exe
2104	Unicorn-49098.exe
1896	Unicorn-3426.exe
2120	Unicorn-20456.exe
2712	Unicorn-29275.exe
2804	Unicorn-46872.exe
2900	Unicorn-27006.exe
2492	Unicorn-1158.exe
2996	Unicorn-44758.exe
2576	Unicorn-4422.exe
2808	Unicorn-53888.exe
2992	Unicorn-64286.exe
2040	Unicorn-4879.exe
2744	Unicorn-13047.exe
2836	Unicorn-53510.exe
2016	Unicorn-62175.exe
2984	Unicorn-1734.exe
2204	Unicorn-21600.exe
2828	Unicorn-21245.exe
1096	Unicorn-11916.exe
1764	Unicorn-10115.exe
1064	Unicorn-13644.exe
568	Unicorn-5668.exe
1528	Unicorn-65075.exe
2064	Unicorn-51532.exe
2380	Unicorn-14220.exe
2364	Unicorn-12876.exe
1732	Unicorn-50380.exe
2268	Unicorn-40872.exe
3048	Unicorn-37765.exe

Loads dropped DLL 64 IoCs

pid	Process
2292	66c6ed8ef5d273a9d8a874129f770010N.exe
2292	66c6ed8ef5d273a9d8a874129f770010N.exe
1916	Unicorn-30922.exe
2292	66c6ed8ef5d273a9d8a874129f770010N.exe
1916	Unicorn-30922.exe
2292	66c6ed8ef5d273a9d8a874129f770010N.exe
1796	Unicorn-50076.exe
1796	Unicorn-50076.exe
1916	Unicorn-30922.exe
1916	Unicorn-30922.exe
2112	Unicorn-38378.exe
2112	Unicorn-38378.exe
2292	66c6ed8ef5d273a9d8a874129f770010N.exe
2292	66c6ed8ef5d273a9d8a874129f770010N.exe
1332	Unicorn-19371.exe
1332	Unicorn-19371.exe
1796	Unicorn-50076.exe
1796	Unicorn-50076.exe
1060	Unicorn-65234.exe
1060	Unicorn-65234.exe
1916	Unicorn-30922.exe
1916	Unicorn-30922.exe
2148	Unicorn-3226.exe
2148	Unicorn-3226.exe
2636	Unicorn-21792.exe
2112	Unicorn-38378.exe
2636	Unicorn-21792.exe
2112	Unicorn-38378.exe
2292	66c6ed8ef5d273a9d8a874129f770010N.exe
2292	66c6ed8ef5d273a9d8a874129f770010N.exe
2604	Unicorn-50813.exe
2604	Unicorn-50813.exe
1332	Unicorn-19371.exe
1332	Unicorn-19371.exe
2520	Unicorn-59173.exe
2520	Unicorn-59173.exe
1060	Unicorn-65234.exe
2784	Unicorn-14611.exe
1060	Unicorn-65234.exe
2784	Unicorn-14611.exe
1796	Unicorn-50076.exe
1796	Unicorn-50076.exe
1104	Unicorn-7896.exe
1104	Unicorn-7896.exe
2084	WerFault.exe
2084	WerFault.exe
2084	WerFault.exe
2084	WerFault.exe
2112	Unicorn-38378.exe
2112	Unicorn-38378.exe
2148	Unicorn-3226.exe
2148	Unicorn-3226.exe
1256	Unicorn-41441.exe
1256	Unicorn-41441.exe
1800	WerFault.exe
1800	WerFault.exe
1800	WerFault.exe
1800	WerFault.exe
2292	66c6ed8ef5d273a9d8a874129f770010N.exe
2292	66c6ed8ef5d273a9d8a874129f770010N.exe
2084	WerFault.exe
2636	Unicorn-21792.exe
2756	Unicorn-53235.exe
2756	Unicorn-53235.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2084	2572	WerFault.exe	39
1800	3044	WerFault.exe	40
2108	2824	WerFault.exe	47
2788	780	WerFault.exe	57
1880	2076	WerFault.exe	59
584	852	WerFault.exe	50
2188	1904	WerFault.exe	64
2508	2712	WerFault.exe	71
1956	2836	WerFault.exe	85
2864	2204	WerFault.exe	87
2252	2984	WerFault.exe	86
700	568	WerFault.exe	93
2956	2748	WerFault.exe	108
3232	2744	WerFault.exe	83
3372	1296	WerFault.exe	118
3612	2520	WerFault.exe	37
3648	2492	WerFault.exe	76
3752	844	WerFault.exe	151
3264	1304	WerFault.exe	109
3144	3048	WerFault.exe	99
3472	2064	WerFault.exe	94
3520	1764	WerFault.exe	90
3428	2020	WerFault.exe	45
3580	2416	WerFault.exe	100
3700	2096	WerFault.exe	161
3596	1776	WerFault.exe	119
3080	1668	WerFault.exe	165
4420	2996	WerFault.exe	77
4564	2832	WerFault.exe	112
4808	2696	WerFault.exe	126
4800	2016	WerFault.exe	84
4792	2828	WerFault.exe	88
4784	2916	WerFault.exe	120
4776	2896	WerFault.exe	128
4864	2304	WerFault.exe	170
4844	3036	WerFault.exe	173
4896	2180	WerFault.exe	168
4884	1700	WerFault.exe	180
4912	2316	WerFault.exe	166
4236	2776	WerFault.exe	104
5084	2280	WerFault.exe	149
5188	2860	WerFault.exe	143
5604	2664	WerFault.exe	106
5616	2728	WerFault.exe	103
5624	1896	WerFault.exe	69
5640	2900	WerFault.exe	75
5660	1844	WerFault.exe	56
5668	2184	WerFault.exe	61
5708	1528	WerFault.exe	92
5716	2140	WerFault.exe	101
5732	2268	WerFault.exe	98
5724	2104	WerFault.exe	68
5740	2952	WerFault.exe	152
5748	884	WerFault.exe	159
5764	2960	WerFault.exe	163
5756	3016	WerFault.exe	160
5772	3012	WerFault.exe	167
5788	1888	WerFault.exe	48
5796	2588	WerFault.exe	46
5812	1560	WerFault.exe	110
5804	2120	WerFault.exe	70
5832	588	WerFault.exe	148
5844	1532	WerFault.exe	150
5824	2992	WerFault.exe	80

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40602.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50064.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49892.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62137.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2292	66c6ed8ef5d273a9d8a874129f770010N.exe
1916	Unicorn-30922.exe
1796	Unicorn-50076.exe
2112	Unicorn-38378.exe
1332	Unicorn-19371.exe
1060	Unicorn-65234.exe
2148	Unicorn-3226.exe
2636	Unicorn-21792.exe
2604	Unicorn-50813.exe
2784	Unicorn-14611.exe
2520	Unicorn-59173.exe
1104	Unicorn-7896.exe
3044	Unicorn-27762.exe
2572	Unicorn-26693.exe
2756	Unicorn-53235.exe
1256	Unicorn-41441.exe
2020	Unicorn-13667.exe
2588	Unicorn-18690.exe
2596	Unicorn-40284.exe
2824	Unicorn-31924.exe
1888	Unicorn-20418.exe
1872	Unicorn-32500.exe
852	Unicorn-34537.exe
1160	Unicorn-3122.exe
1348	Unicorn-34729.exe
1844	Unicorn-22988.exe
780	Unicorn-30585.exe
2076	Unicorn-65089.exe
2912	Unicorn-45224.exe
1748	Unicorn-14746.exe
2184	Unicorn-8221.exe
1580	Unicorn-21220.exe
1688	Unicorn-43883.exe
1904	Unicorn-46113.exe
3068	Unicorn-27739.exe
2424	Unicorn-40737.exe
1896	Unicorn-3426.exe
2104	Unicorn-49098.exe
2120	Unicorn-20456.exe
2712	Unicorn-29275.exe
2804	Unicorn-46872.exe
2900	Unicorn-27006.exe
2492	Unicorn-1158.exe
2996	Unicorn-44758.exe
2576	Unicorn-4422.exe
2808	Unicorn-53888.exe
2992	Unicorn-64286.exe
2040	Unicorn-4879.exe
2744	Unicorn-13047.exe
2836	Unicorn-53510.exe
2016	Unicorn-62175.exe
2204	Unicorn-21600.exe
2984	Unicorn-1734.exe
2828	Unicorn-21245.exe
1096	Unicorn-11916.exe
1764	Unicorn-10115.exe
1064	Unicorn-13644.exe
1528	Unicorn-65075.exe
568	Unicorn-5668.exe
2064	Unicorn-51532.exe
2380	Unicorn-14220.exe
2364	Unicorn-12876.exe
1732	Unicorn-50380.exe
3048	Unicorn-37765.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 1916	2292	66c6ed8ef5d273a9d8a874129f770010N.exe	28
PID 2292 wrote to memory of 1916	2292	66c6ed8ef5d273a9d8a874129f770010N.exe	28
PID 2292 wrote to memory of 1916	2292	66c6ed8ef5d273a9d8a874129f770010N.exe	28
PID 2292 wrote to memory of 1916	2292	66c6ed8ef5d273a9d8a874129f770010N.exe	28
PID 1916 wrote to memory of 1796	1916	Unicorn-30922.exe	29
PID 1916 wrote to memory of 1796	1916	Unicorn-30922.exe	29
PID 1916 wrote to memory of 1796	1916	Unicorn-30922.exe	29
PID 1916 wrote to memory of 1796	1916	Unicorn-30922.exe	29
PID 2292 wrote to memory of 2112	2292	66c6ed8ef5d273a9d8a874129f770010N.exe	30
PID 2292 wrote to memory of 2112	2292	66c6ed8ef5d273a9d8a874129f770010N.exe	30
PID 2292 wrote to memory of 2112	2292	66c6ed8ef5d273a9d8a874129f770010N.exe	30
PID 2292 wrote to memory of 2112	2292	66c6ed8ef5d273a9d8a874129f770010N.exe	30
PID 1796 wrote to memory of 1332	1796	Unicorn-50076.exe	31
PID 1796 wrote to memory of 1332	1796	Unicorn-50076.exe	31
PID 1796 wrote to memory of 1332	1796	Unicorn-50076.exe	31
PID 1796 wrote to memory of 1332	1796	Unicorn-50076.exe	31
PID 1916 wrote to memory of 1060	1916	Unicorn-30922.exe	32
PID 1916 wrote to memory of 1060	1916	Unicorn-30922.exe	32
PID 1916 wrote to memory of 1060	1916	Unicorn-30922.exe	32
PID 1916 wrote to memory of 1060	1916	Unicorn-30922.exe	32
PID 2112 wrote to memory of 2148	2112	Unicorn-38378.exe	33
PID 2112 wrote to memory of 2148	2112	Unicorn-38378.exe	33
PID 2112 wrote to memory of 2148	2112	Unicorn-38378.exe	33
PID 2112 wrote to memory of 2148	2112	Unicorn-38378.exe	33
PID 2292 wrote to memory of 2636	2292	66c6ed8ef5d273a9d8a874129f770010N.exe	34
PID 2292 wrote to memory of 2636	2292	66c6ed8ef5d273a9d8a874129f770010N.exe	34
PID 2292 wrote to memory of 2636	2292	66c6ed8ef5d273a9d8a874129f770010N.exe	34
PID 2292 wrote to memory of 2636	2292	66c6ed8ef5d273a9d8a874129f770010N.exe	34
PID 1332 wrote to memory of 2604	1332	Unicorn-19371.exe	35
PID 1332 wrote to memory of 2604	1332	Unicorn-19371.exe	35
PID 1332 wrote to memory of 2604	1332	Unicorn-19371.exe	35
PID 1332 wrote to memory of 2604	1332	Unicorn-19371.exe	35
PID 1796 wrote to memory of 2784	1796	Unicorn-50076.exe	36
PID 1796 wrote to memory of 2784	1796	Unicorn-50076.exe	36
PID 1796 wrote to memory of 2784	1796	Unicorn-50076.exe	36
PID 1796 wrote to memory of 2784	1796	Unicorn-50076.exe	36
PID 1060 wrote to memory of 2520	1060	Unicorn-65234.exe	37
PID 1060 wrote to memory of 2520	1060	Unicorn-65234.exe	37
PID 1060 wrote to memory of 2520	1060	Unicorn-65234.exe	37
PID 1060 wrote to memory of 2520	1060	Unicorn-65234.exe	37
PID 1916 wrote to memory of 2756	1916	Unicorn-30922.exe	38
PID 1916 wrote to memory of 2756	1916	Unicorn-30922.exe	38
PID 1916 wrote to memory of 2756	1916	Unicorn-30922.exe	38
PID 1916 wrote to memory of 2756	1916	Unicorn-30922.exe	38
PID 2148 wrote to memory of 2572	2148	Unicorn-3226.exe	39
PID 2148 wrote to memory of 2572	2148	Unicorn-3226.exe	39
PID 2148 wrote to memory of 2572	2148	Unicorn-3226.exe	39
PID 2148 wrote to memory of 2572	2148	Unicorn-3226.exe	39
PID 2636 wrote to memory of 3044	2636	Unicorn-21792.exe	40
PID 2636 wrote to memory of 3044	2636	Unicorn-21792.exe	40
PID 2636 wrote to memory of 3044	2636	Unicorn-21792.exe	40
PID 2636 wrote to memory of 3044	2636	Unicorn-21792.exe	40
PID 2112 wrote to memory of 1104	2112	Unicorn-38378.exe	41
PID 2112 wrote to memory of 1104	2112	Unicorn-38378.exe	41
PID 2112 wrote to memory of 1104	2112	Unicorn-38378.exe	41
PID 2112 wrote to memory of 1104	2112	Unicorn-38378.exe	41
PID 2292 wrote to memory of 1256	2292	66c6ed8ef5d273a9d8a874129f770010N.exe	42
PID 2292 wrote to memory of 1256	2292	66c6ed8ef5d273a9d8a874129f770010N.exe	42
PID 2292 wrote to memory of 1256	2292	66c6ed8ef5d273a9d8a874129f770010N.exe	42
PID 2292 wrote to memory of 1256	2292	66c6ed8ef5d273a9d8a874129f770010N.exe	42
PID 2604 wrote to memory of 2020	2604	Unicorn-50813.exe	45
PID 2604 wrote to memory of 2020	2604	Unicorn-50813.exe	45
PID 2604 wrote to memory of 2020	2604	Unicorn-50813.exe	45
PID 2604 wrote to memory of 2020	2604	Unicorn-50813.exe	45

C:\Users\Admin\AppData\Local\Temp\66c6ed8ef5d273a9d8a874129f770010N.exe
"C:\Users\Admin\AppData\Local\Temp\66c6ed8ef5d273a9d8a874129f770010N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13667.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8221.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11916.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50064.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 224
        10⤵
        Program crash
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        9⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5143.exe
        9⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 248
        9⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45383.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
        9⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 248
        9⤵
        Program crash
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39565.exe
        8⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 248
        8⤵
        Program crash
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10115.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15456.exe
        9⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 228
        9⤵
        Program crash
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
        8⤵
        Program crash
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12522.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57099.exe
        8⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29159.exe
        8⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 224
        8⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
        7⤵
        Program crash
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-619.exe
        8⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23884.exe
        9⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17934.exe
        10⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60772.exe
        10⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29549.exe
        10⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
        9⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 224
        9⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        8⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        9⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 228
        9⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
        8⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48760.exe
        8⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 244
        8⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7370.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16614.exe
        8⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5780.exe
        9⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
        9⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 228
        8⤵
        Program crash
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61796.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        8⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28988.exe
        7⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
        7⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65075.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51559.exe
        8⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53420.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16574.exe
        8⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53543.exe
        8⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
        8⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32383.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32290.exe
        7⤵
        
        PID:3188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 224
        7⤵
        Program crash
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34807.exe
        6⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4823.exe
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
        7⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 244
        7⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31362.exe
        6⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
        6⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46017.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55890.exe
        6⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52055.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18690.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43883.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5668.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 244
        8⤵
        Program crash
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
        7⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        8⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 228
        8⤵
        Program crash
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47349.exe
        7⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13966.exe
        7⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13075.exe
        7⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25964.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
        7⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
        8⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 248
        8⤵
        Program crash
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
        7⤵
        Program crash
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        6⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 224
        7⤵
        Program crash
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62472.exe
        6⤵
        
        PID:4068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 244
        6⤵
        Program crash
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46113.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 244
        6⤵
        Program crash
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24345.exe
        5⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11444.exe
        6⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24642.exe
        7⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61780.exe
        7⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 224
        7⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64257.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34482.exe
        6⤵
        
        PID:5056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 248
        6⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42395.exe
        5⤵
        
        PID:2096
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        6⤵
        Program crash
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42258.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42986.exe
        5⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        5⤵
        
        PID:6632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe
        5⤵
        
        PID:8784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14220.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21995.exe
        8⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        9⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 248
        9⤵
        Program crash
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31693.exe
        8⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59864.exe
        8⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
        8⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-538.exe
        8⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
        8⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21838.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6831.exe
        8⤵
        
        PID:3340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
        8⤵
        Program crash
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32818.exe
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
        8⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
        7⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
        7⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47070.exe
        7⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
        7⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48784.exe
        7⤵
        
        PID:8468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24086.exe
        7⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27195.exe
        8⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34912.exe
        9⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12376.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34726.exe
        8⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 248
        8⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24241.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        8⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
        7⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26477.exe
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        7⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57725.exe
        7⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9316.exe
        7⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        6⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        7⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 244
        7⤵
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32929.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31682.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29456.exe
        6⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61226.exe
        6⤵
        
        PID:8304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47855.exe
        6⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12876.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5082.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44159.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61780.exe
        8⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 244
        8⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23032.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        7⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
        7⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-154.exe
        7⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        7⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exe
        6⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
        7⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12579.exe
        7⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 244
        7⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42440.exe
        6⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58391.exe
        6⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
        6⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
        6⤵
        
        PID:7944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53190.exe
        6⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40872.exe
        5⤵
        Executes dropped EXE
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        6⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 220
        7⤵
        Program crash
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20095.exe
        6⤵
        
        PID:3228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 224
        6⤵
        Program crash
        
        PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28030.exe
        5⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10301.exe
        6⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
        6⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14835.exe
        6⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
        6⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63812.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25920.exe
        5⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
        5⤵
        
        PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
        5⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17162.exe
        5⤵
        
        PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35143.exe
        5⤵
        
        PID:9108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34537.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:852
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 220
        5⤵
        Program crash
        
        PID:584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62175.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        5⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        6⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64597.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11729.exe
        7⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40414.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 244
        6⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        5⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15926.exe
        6⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63388.exe
        6⤵
        
        PID:8596
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 244
        5⤵
        Program crash
        
        PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
      4⤵
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51346.exe
        5⤵
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47644.exe
        6⤵
        
        PID:4212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 244
        6⤵
        
        PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61379.exe
        5⤵
        
        PID:5112
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 248
        5⤵
        
        PID:7032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4557.exe
      4⤵
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40602.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
        5⤵
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        5⤵
        
        PID:6452
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 228
        5⤵
        
        PID:7652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48198.exe
      4⤵
      PID:3920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64024.exe
      4⤵
      PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54558.exe
      4⤵
      PID:6924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
      4⤵
      PID:7856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27005.exe
      4⤵
      PID:8964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65234.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65234.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31924.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        6⤵
        Program crash
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49098.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
        6⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35373.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16451.exe
        8⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29159.exe
        8⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        8⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 248
        8⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        7⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 244
        7⤵
        Program crash
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34064.exe
        6⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
        7⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 248
        7⤵
        Program crash
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
        6⤵
        
        PID:3136
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 248
        6⤵
        Program crash
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10119.exe
        5⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        6⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38243.exe
        7⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
        7⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60928.exe
        7⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50341.exe
        7⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6170.exe
        7⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10214.exe
        7⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
        6⤵
        
        PID:3156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 244
        6⤵
        Program crash
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15460.exe
        5⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31720.exe
        6⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
        6⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
        6⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54420.exe
        6⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
        6⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        6⤵
        
        PID:9060
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        5⤵
        Program crash
        
        PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3426.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37765.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57464.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36204.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41463.exe
        8⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64508.exe
        8⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43498.exe
        8⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40743.exe
        8⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 248
        7⤵
        Program crash
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56924.exe
        6⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        7⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8920.exe
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36086.exe
        7⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
        7⤵
        
        PID:9040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4033.exe
        6⤵
        
        PID:3320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 236
        6⤵
        Program crash
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
        5⤵
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19634.exe
        6⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        7⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 216
        7⤵
        
        PID:5876
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 228
        6⤵
        Program crash
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
        5⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39642.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        6⤵
        
        PID:5912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 220
        6⤵
        
        PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39696.exe
        5⤵
        
        PID:3240
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 244
        5⤵
        Program crash
        
        PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20456.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16250.exe
        5⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        6⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57099.exe
        7⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29159.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17388.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
        7⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4444.exe
        6⤵
        
        PID:3504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        6⤵
        Program crash
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
        5⤵
        
        PID:2304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
        6⤵
        Program crash
        
        PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18179.exe
        5⤵
        
        PID:3532
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 248
        5⤵
        Program crash
        
        PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57209.exe
      4⤵
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        5⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
        6⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58265.exe
        6⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17451.exe
        6⤵
        
        PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
        5⤵
        
        PID:3972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
        5⤵
        Program crash
        
        PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45981.exe
      4⤵
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45813.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52723.exe
        5⤵
        
        PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
        5⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7010.exe
        5⤵
        
        PID:8344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39492.exe
      4⤵
      PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
      4⤵
      PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59893.exe
      4⤵
      PID:6248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
      4⤵
      PID:7896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54740.exe
      4⤵
      PID:8996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53235.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65089.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 244
        5⤵
        Program crash
        
        PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32254.exe
        5⤵
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7620.exe
        6⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
        6⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48287.exe
        6⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37591.exe
        6⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16689.exe
        6⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9024
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
        5⤵
        Program crash
        
        PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
      4⤵
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38051.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50934.exe
        5⤵
        
        PID:5048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 224
        5⤵
        
        PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
      4⤵
      PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1371.exe
      4⤵
      PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41592.exe
      4⤵
      PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
      4⤵
      PID:7584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
      4⤵
      PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-414.exe
      4⤵
      PID:8756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14746.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4879.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21673.exe
        5⤵
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        6⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15132.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 244
        6⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20982.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
        5⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1256.exe
        5⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
        5⤵
        
        PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55172.exe
        5⤵
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27280.exe
        5⤵
        
        PID:8716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9892.exe
      4⤵
      PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15132.exe
        5⤵
        
        PID:5096
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 244
        5⤵
        
        PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
      4⤵
      PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18588.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7796.exe
      4⤵
      PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
      4⤵
      PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
      4⤵
      PID:8084
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 248
      4⤵
      PID:8560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2836
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
      4⤵
      Program crash
      PID:1956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49434.exe
    3⤵
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40220.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55870.exe
        5⤵
        
        PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1493.exe
        5⤵
        
        PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
        5⤵
        
        PID:9016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
      4⤵
      PID:4284
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 224
      4⤵
      PID:5956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
    3⤵
    PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
      4⤵
      PID:7828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
      4⤵
      PID:7228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
      4⤵
      PID:8460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13245.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13245.exe
    3⤵
    PID:4444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13759.exe
    3⤵
    PID:5960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47064.exe
    3⤵
    PID:6476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24389.exe
    3⤵
    PID:7836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6251.exe
    3⤵
    PID:8540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3226.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2572
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3122.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2204
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        6⤵
        Program crash
        
        PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13042.exe
        5⤵
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
        6⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18734.exe
        7⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
        7⤵
        
        PID:8948
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 248
        6⤵
        Program crash
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13088.exe
        5⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24025.exe
        6⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        5⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        5⤵
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52665.exe
        5⤵
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9253.exe
        5⤵
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21245.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26681.exe
        6⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26206.exe
        7⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63689.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        6⤵
        
        PID:4652
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 244
        6⤵
        
        PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4724.exe
        5⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23399.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
        6⤵
        
        PID:8644
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 224
        5⤵
        Program crash
        
        PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
      4⤵
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
        5⤵
        
        PID:620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7172.exe
        6⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        6⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48555.exe
        6⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25739.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-486.exe
        6⤵
        
        PID:8972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
        5⤵
        Program crash
        
        PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61933.exe
      4⤵
      PID:1700
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 224
        5⤵
        Program crash
        
        PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39108.exe
      4⤵
      PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
      4⤵
      PID:5884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17662.exe
      4⤵
      PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
      4⤵
      PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21362.exe
      4⤵
      PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
      4⤵
      PID:9008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7896.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32500.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13047.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
        6⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18129.exe
        7⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 228
        8⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48583.exe
        7⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 224
        7⤵
        
        PID:5940
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 236
        6⤵
        Program crash
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        5⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24974.exe
        6⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47187.exe
        7⤵
        
        PID:9156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 248
        6⤵
        Program crash
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12896.exe
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
        6⤵
        
        PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
        5⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40095.exe
        5⤵
        
        PID:5980
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 248
        5⤵
        
        PID:6708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1734.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2984
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 224
        5⤵
        Program crash
        
        PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
      4⤵
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        5⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 228
        6⤵
        
        PID:8440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9387.exe
        5⤵
        
        PID:4756
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 244
        5⤵
        
        PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
      4⤵
      PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34546.exe
        5⤵
        
        PID:8932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20322.exe
      4⤵
      PID:4740
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 236
      4⤵
      PID:5864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
        5⤵
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8305.exe
        7⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 228
        7⤵
        Program crash
        
        PID:5188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
        6⤵
        Program crash
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
        5⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15898.exe
        6⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
        6⤵
        
        PID:5428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 244
        6⤵
        
        PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18511.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15843.exe
        5⤵
        
        PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
        5⤵
        
        PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12390.exe
        5⤵
        
        PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17219.exe
        5⤵
        
        PID:8296
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 248
        5⤵
        
        PID:9116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38101.exe
      4⤵
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27205.exe
        5⤵
        
        PID:1668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 224
        6⤵
        Program crash
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        5⤵
        
        PID:3620
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 244
        5⤵
        Program crash
        
        PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
      4⤵
      PID:2180
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 244
        5⤵
        Program crash
        
        PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
      4⤵
      PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42456.exe
      4⤵
      PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22127.exe
      4⤵
      PID:6748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56373.exe
      4⤵
      PID:7516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22497.exe
      4⤵
      PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
      4⤵
      PID:9112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27537.exe
      4⤵
      PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12970.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1360
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 224
        5⤵
        
        PID:7932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25393.exe
      4⤵
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4171.exe
      4⤵
      PID:4188
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 248
      4⤵
      PID:6548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12358.exe
    3⤵
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
      4⤵
      PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        5⤵
        
        PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4352
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 244
      4⤵
      PID:5560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61786.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1901.exe
    3⤵
    PID:4204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37127.exe
    3⤵
    PID:6580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
    3⤵
    PID:7576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49571.exe
    3⤵
    PID:7984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42415.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21792.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21792.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3044
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45224.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53888.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        5⤵
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26297.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3870.exe
        7⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-404.exe
        7⤵
        
        PID:9032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 216
        6⤵
        Program crash
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5876.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2791.exe
        6⤵
        
        PID:7852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
        6⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
        5⤵
        
        PID:4768
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 216
        5⤵
        
        PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38314.exe
      4⤵
      PID:304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
        5⤵
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12424.exe
        6⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        6⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19489.exe
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17319.exe
        6⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
        5⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        5⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
        5⤵
        
        PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27420.exe
        5⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        5⤵
        
        PID:8980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33897.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31665.exe
        5⤵
        
        PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        5⤵
        
        PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
        5⤵
        
        PID:8488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
      4⤵
      PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40095.exe
      4⤵
      PID:5988
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
      4⤵
      PID:952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64286.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10816.exe
      4⤵
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10728.exe
        5⤵
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5183.exe
        6⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5754.exe
        6⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11454.exe
        6⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42895.exe
        5⤵
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
        5⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        5⤵
        
        PID:8524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
      4⤵
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3606.exe
        5⤵
        
        PID:8312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53766.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4524
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
      4⤵
      Program crash
      PID:5824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35440.exe
    3⤵
    PID:484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29499.exe
      4⤵
      PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3440.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4312
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 244
      4⤵
      PID:5580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37397.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
    3⤵
    PID:4304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
    3⤵
    PID:6572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe
    3⤵
    PID:7536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45371.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
    3⤵
    PID:8732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41441.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41441.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22988.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22988.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29275.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2712
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        5⤵
        Program crash
        
        PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
      4⤵
      PID:2748
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        5⤵
        Program crash
        
        PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
      4⤵
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24310.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3688
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 248
        5⤵
        Program crash
        
        PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
      4⤵
      PID:3192
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
      4⤵
      Program crash
      PID:5660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27006.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26063.exe
      4⤵
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        5⤵
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
        6⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62699.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
        6⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
        6⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        6⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36239.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45256.exe
        5⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47328.exe
        5⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31338.exe
        5⤵
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26962.exe
        5⤵
        
        PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57809.exe
        5⤵
        
        PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15336.exe
      4⤵
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5262.exe
        5⤵
        
        PID:5088
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 248
        5⤵
        
        PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18755.exe
      4⤵
      PID:3180
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 248
      4⤵
      Program crash
      PID:5640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34753.exe
    3⤵
    PID:1296
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 244
      4⤵
      Program crash
      PID:3372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42197.exe
    3⤵
    PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11943.exe
      4⤵
      PID:9088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47816.exe
    3⤵
    PID:4968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe
    3⤵
    PID:6020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
    3⤵
    PID:6836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53259.exe
    3⤵
    PID:7824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
    3⤵
    PID:8800
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30585.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30585.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:780
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
    3⤵
    - Program crash
    PID:2788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62513.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
      4⤵
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32625.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31358.exe
        5⤵
        
        PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
        5⤵
        
        PID:8352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
      4⤵
      PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
      4⤵
      PID:5284
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 248
      4⤵
      PID:6188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61579.exe
    3⤵
    PID:1212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe
      4⤵
      PID:8160
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 228
      4⤵
      PID:8256
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
    3⤵
    - Program crash
    PID:4420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
  2⤵
  PID:1952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42462.exe
    3⤵
    PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40109.exe
      4⤵
      PID:8396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36880.exe
    3⤵
    PID:4956
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 244
    3⤵
    PID:5924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30512.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30512.exe
  2⤵
  PID:3776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
  2⤵
  PID:4292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3844.exe
  2⤵
  PID:5472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19329.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19329.exe
  2⤵
  PID:6828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6188.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6188.exe
  2⤵
  PID:868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21652.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21652.exe
  2⤵
  PID:8536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13667.exe

Filesize
468KB

MD5
7bd141bf5dc5212a7de6c42499eb2d73

SHA1
c1845bb211da162144d76a776c60a3472d21b85d

SHA256
e15baddeaf11891f9967ff5bfac8de960fb9962727f59ed8ecfa727321263515

SHA512
8dc5067bb156e9ae9729f0112756079a321accb2a84ba1810e004b3885b59a43b678b93aa354203185b16f0843e0c10f053c372f1533465821efb5e9588e175d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe

Filesize
468KB

MD5
b5cd28c3f10d8c817ad80d4486965e03

SHA1
b07112bacc5ef8e8403d55327cadb2adf87e3491

SHA256
f33082e301fe90c53e77715266c692da074904e509bc4e2d937ac88e5abcde61

SHA512
24c287b44eb80baae31375ce3cb14fc7623375b1533e955543eb21f44c0435a215d7d0da6b65cd1d77d3a26f7ec9aba8ae277133f63a36ca33176e7b6ebf6c79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22497.exe

Filesize
468KB

MD5
8a22e4671345fff125eeff886c8f58ea

SHA1
bbd7116afe411457a8b5d15a73fe5d3594bc408f

SHA256
113dec1b47421bed5fda809714611bb27ac22e54b1d852b683faa36cf4341561

SHA512
e369ba0862eec2ceaa9d9270277ff4ba26636175f0d412bb01c2c119d629e235d079da0740aeac14a778ad4fbe9b9c267ee80d55369e0c72278ce25825438f6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26693.exe

Filesize
468KB

MD5
2c107a62debb7eb4376fad1cd7a36c20

SHA1
ed1f32a0f2c39b3d25f30f0718300ec303452de0

SHA256
44b9fa64aa5e1ef2619abc0d4be87f3acbf5d0e61fe3ed96b7fbec826d43f5b9

SHA512
874e202109230cfe7e7f5ca9a0b2c3046a3f57109ea24ddb819b552a70353b22a0fa06db5cb8d166c6a24f12985335e1b9ab55aacb4aaed9c087c88d0b1a0613

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29456.exe

Filesize
468KB

MD5
f8a410d65c822efea61acb72a61d016e

SHA1
dc8ec27d0921eef72d49a7218a56baa8e1c22b6a

SHA256
85575d34ba4759291f2b15d8efe899532fdfed34c486b89f48666c480f2fab6a

SHA512
6dc966f144e35976aa6acd3a8cecd0b88357c759d675fe7240bc7901978d86fd142a16691efe7d78a568cdb4fbe333cdc55c5c59eec02fb8fb5296c22851f6d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31924.exe

Filesize
468KB

MD5
44f4c194ae0caf31fde4637de16ba224

SHA1
86d9bca0a0fce2856667b13903c196b8f9b6c641

SHA256
954d0a43e7f923a129447c359a474cf4798b0f15d33eecffbe21c55646973051

SHA512
4da0835f817b8af6ac315944aea4b831515dc610d9d57285bd5fb7b43af1e4b923a0c3db853119a725dc769d8009136548433fe0f50e5d0f5bb7dd7f73bd251e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe

Filesize
468KB

MD5
0e1c7339d8318d64d51c4ee2457efd97

SHA1
5522ede1a4c5d704175c41550ae53c848f4923d1

SHA256
42165ebd41201e34e7cd4966e2b5f720e30e0b2096b3eb48f48bc2c6c634929f

SHA512
bcc4f63dbbc8eec051cc38a55ec1e7cc6ce8e49e8066eb7c3bb4f02df494899233644447f89030ee6541b5baf0bc92af6f89fefc5dee9c714adcf511b010ccf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41441.exe

Filesize
468KB

MD5
a176899b5d919af86adb9ac43d415812

SHA1
fd6284089073c7684603c8e9591fd44fd33e428d

SHA256
889f6ba1c32eafbe3b40d95a7f18ae8c1a3bf9dffd54a360d58afe6ea4694af9

SHA512
1ce35aea9714f6d258c542ad2b184c1243656cabf1d7fbe83b8d25b436defc50064146bf7f32b74059167d30983ec4c46fedba9a6679400e733897a24628a68b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe

Filesize
468KB

MD5
127903b527e0d781d00741904292c550

SHA1
b44cde1f72f1dcb0745b020cdb0f50993bf1cfb3

SHA256
e2d30af2c3e6116d2af6981c23e848f2a6e318212a899314735bf0f00f44075e

SHA512
9ca649856d4b6f3efb9c172afcf32107b1277626e953fec05ec8f51ce38f7d4c83b0ec434fc2059bb024cde70ad90941a90986f4792f06c9ea9c69dc5dd1ad7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe

Filesize
468KB

MD5
4d0bad4e09b1c0fe19b46bd43126dc24

SHA1
2cf61dbf2dc5868a64a6dbce1f2a6e54d1143625

SHA256
acaac51322eaeb8b4582861dedffb3172d6a4d6093c75f62e45588607bf74f1c

SHA512
a671ce2c034bfbec962a2e0e4e3e9fd37e155e1001e494a7c6b6be045bd38d1a8b22ba68d05cd58b282abb41c907be3959593058a13e3ea13a3e04e17846bf87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5668.exe

Filesize
468KB

MD5
86930431f4b6cae279e801aee9647d46

SHA1
eae65e08dde3b9be5cac3c3c9a14797061d72cc6

SHA256
dcee2a088bd1ebc6c1159cbaa9a3f5775db49bc96c6405f93b1d6513bbde1cb2

SHA512
eb6171273225e02c98fc2de427cde787f6f38188259ec2ca141cc97545fb7716194c787564919acde3e370521a04eb9d7dd9ab339fda9de0ad791c1a3e0d9539

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7896.exe

Filesize
468KB

MD5
e7a92d738cc75b80c67ac70a2f5165e4

SHA1
c9cd97bdbdc0e95353aee1db8d5d6496da250e5c

SHA256
288c0482e0fb8ac0546439cce733c1e4c5d1ef1339bdc882b7508b160cd69574

SHA512
52f6fe2b1128caeceaba245f025c9b90c5fb9113c299896edbd35fb42bb26b6b8389839fdea9b017aa68d3430a9dae6a00d5dc052d03f50e4a4134e7d34092d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18690.exe

Filesize
468KB

MD5
ed880d4b29b9fd4eeb1e15cd3818ab98

SHA1
12b90adb178da8d894c9bd7ba6fb00dd1af70272

SHA256
5379c33b7eaebb2e3278d75f50383314914e0f05813ec60c38cb26d884fa6207

SHA512
f7677a18d8a7e0681ab2a549ce603b5ffe4bc1f0d057b6ce4fb5710b8f2967afa2fae2adeaa599b01fa6d50eee167682c05c9246ba81fd1b7729d39f44c7a0a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe

Filesize
468KB

MD5
e76d1cf9ebf3f7ffe00647f4d209b3b9

SHA1
8aab9705adb889036f4789b561bb57d2386d9993

SHA256
4871eaa92bf84b72bfb2f11aa39b90995240113890276e007fb7555334be49b9

SHA512
43641176e92c0477b65865ca4f79f677b122412003ff6af6f536dc20a5070f377ee4807fbcb0f5a8253672468a83fce36b5a3752f26dec9496e1c6d3fb887bba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21792.exe

Filesize
468KB

MD5
7dcf0464e30e5cb2eabea563fdba3f45

SHA1
10298a8d76dcd230e2a1d3192b369e9a1db0d3ad

SHA256
60edfcda7ea6cab329b727685f26b09e28d67d85f8bb0a3bcc5a56a21fa8b05f

SHA512
a535fcb7d4aa8f887295de0bad9b981717e754c5eb0493a1f47a5106ef5831c283393aa4b8b7128b5ed69f320fbccacff6a1d2eef7b27bea66699c00c217fd9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe

Filesize
468KB

MD5
edfcf64bf7847a46ffe16a74fd8d4aef

SHA1
954a98a7b16720e16aa436c90e1e90f184a9aa2b

SHA256
b992740decbaba66ee46d7ed2be45b75ca19c575562de55b3f8f656314e12c81

SHA512
2e2358fcb653aee5a6962a9b99906e9ad201de556948866a24287269f44345df3d6b7ff84d9635a620da775d568a7188f1185684d7b6503894d208044c390ebe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe

Filesize
468KB

MD5
5b95f15b25384aa9e64c226b54406195

SHA1
3695c020ab2285cffaaf64c9f5d163e553cb61bb

SHA256
46cab9831cacf1dc84680f053979701d82278fc4659fd998ea9b037a4b299e15

SHA512
4feb4153d353602b25c68b123dfe3dbc2a1560f9bbc0d0135f217e81a072fc9065c7b79f7abd63d4a04e258f2552d8c5a364ad5dd87f3f72509ace9dbd647251

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3226.exe

Filesize
468KB

MD5
0d31118fcb7c75e7908d39472eedbba9

SHA1
4c23488a28ec752f40fb2f1689ee10f3b06f6a07

SHA256
c5a9ff4a4a97c2e6ec8ce96c64cff9629212a2449f90debccd331e3ecd087222

SHA512
e1ca79d12508e7947f6f431cb830b5668d2266b30f5ba4627522c6f81774d3d73354507d29698fd74e49b43ba674c199cccfa0de4fe36731292c721aa1145af5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe

Filesize
468KB

MD5
89a2798d1fd11b558649793885df16dc

SHA1
ce5276d22a154f22ee0207f47838f41c0df1e650

SHA256
962e8e4352eba0b9ce244c914e3b73ce3f795f084b185beb0ea7be77ec76e9fe

SHA512
775c7470d2b7e7d6c4c8c47af6a51ab7b392438fbd062940fdd40bd2a2ddd3e327ba4e9ff311aac6a69d35bfd46a2f8d62b62cbc34f5a4f3163c9552aac50e55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe

Filesize
468KB

MD5
02f3ddb4fd75cc85b11592bb3e3cd2e4

SHA1
11e5c33e847733454390a09c1f4990e4631c7ea6

SHA256
d4355974f2c07883ebec83369c4a3ec948ed169c871f688f53a51f2937b16f1f

SHA512
b3e398666b6f961127c0fbd8bef1fac1169c9f4d073e1fe02a1a4beffc8c08d7b8fad36f2ba3f1f73e386f404bb6c572d2cf6e89ff30161a9564561040beb45f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53235.exe

Filesize
468KB

MD5
e6f916d34f1cd3ce265c94d9307217d2

SHA1
a8934ca14212a6f07daf0337877a694c28bd97f4

SHA256
ad69a4cd289e36f0f9829eb90e3bd7292114396956de4fe944d7564651acfa29

SHA512
4957a7c3d6fe4595f37d94d2e7d2c3910691a81fdd9f4da3538db6bfce039377d048f45d0e2c50ca6f028dc840f83aa8feb842c55910f87f415d485cdfba0b61

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe

Filesize
468KB

MD5
b2f55e6d73e01626c62a4fdd25de018b

SHA1
27f30ed4df45bbebd298775440b340e2b9d71801

SHA256
0ac061a1896793e8f6bc57371f19b4f0954c874aa8c1d38946910c0d9134260f

SHA512
5cf2ebfd8f2de307a50d227a212e05896e0f2661509a1611ed104924875cf068781d8927fe72525a84eb11abd24d40c239c05d6ba205cb52035128d763597b95

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65234.exe

Filesize
468KB

MD5
c97f4fbc4eb6cf5ac319b6102fcd5673

SHA1
0ec955467b5198c274bb76044557780436051f9f

SHA256
9184cbe8c7f29a543bbbfd00df487b7564209807c1f0f7c00f15c0d2acbf335b

SHA512
64bf77ab76099c42d02644fb959842b70a402b355e43a3ce0a48695eb45906f010dd90170f276fac7d5d533e0ac0da4c9b19abd12bfd7e3984d6094a992777a8

Download Submit