2aa24c19409c114cb80db610372f5aba9f37cda86c2d6009db9769a52d491893

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-09-2024 10:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e22edbfd1b0c2960451d65b278b7de0N.exe
Size

468KB
MD5

5e22edbfd1b0c2960451d65b278b7de0
SHA1

034d257e57cf68bc7a955c4aa9a6927e6bad8767
SHA256

2aa24c19409c114cb80db610372f5aba9f37cda86c2d6009db9769a52d491893
SHA512

a18efbbd370a9c6cac73a33c0b69678e5746f42b91543c83646b7fb514d912c374e82fe5b91b46751875acc985cb8667fa387469fee7f221217a736bf9c5c8bd
SSDEEP

3072:DG3HogISIE5TtbY2HzcOcf8/vChaP0p2JVHeTVPMbDNL67tgEElL:DG3obMTtxH4OcfSYHKbDp4tgE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2888	Unicorn-62754.exe
2232	Unicorn-4482.exe
2796	Unicorn-54238.exe
2744	Unicorn-58727.exe
2596	Unicorn-19369.exe
2952	Unicorn-5956.exe
2368	Unicorn-37752.exe
2656	Unicorn-49594.exe
2760	Unicorn-13392.exe
2572	Unicorn-41426.exe
2432	Unicorn-62925.exe
1740	Unicorn-63190.exe
1984	Unicorn-57060.exe
2856	Unicorn-9905.exe
2780	Unicorn-43324.exe
976	Unicorn-63320.exe
604	Unicorn-3574.exe
1556	Unicorn-2827.exe
2424	Unicorn-45898.exe
752	Unicorn-39392.exe
2268	Unicorn-30461.exe
960	Unicorn-15442.exe
2496	Unicorn-18514.exe
2492	Unicorn-64451.exe
1716	Unicorn-60175.exe
2132	Unicorn-31032.exe
1376	Unicorn-18780.exe
784	Unicorn-9717.exe
584	Unicorn-15848.exe
1796	Unicorn-45889.exe
2176	Unicorn-27367.exe
660	Unicorn-22153.exe
2208	Unicorn-56724.exe
2236	Unicorn-4109.exe
1980	Unicorn-49226.exe
2752	Unicorn-21598.exe
2868	Unicorn-25682.exe
2860	Unicorn-15467.exe
2880	Unicorn-58661.exe
2852	Unicorn-17429.exe
2648	Unicorn-18199.exe
2300	Unicorn-5946.exe
2148	Unicorn-28265.exe
2084	Unicorn-40325.exe
2188	Unicorn-58337.exe
1052	Unicorn-3014.exe
1388	Unicorn-55915.exe
2304	Unicorn-59926.exe
3052	Unicorn-51831.exe
908	Unicorn-35038.exe
2028	Unicorn-6012.exe
1560	Unicorn-3974.exe
436	Unicorn-24203.exe
2072	Unicorn-61151.exe
2376	Unicorn-55021.exe
1964	Unicorn-36817.exe
924	Unicorn-28095.exe
2920	Unicorn-64851.exe
2288	Unicorn-46823.exe
2404	Unicorn-31638.exe
2560	Unicorn-39614.exe
1828	Unicorn-39636.exe
1744	Unicorn-15584.exe
2256	Unicorn-50025.exe

Loads dropped DLL 64 IoCs

pid	Process
1348	5e22edbfd1b0c2960451d65b278b7de0N.exe
1348	5e22edbfd1b0c2960451d65b278b7de0N.exe
2888	Unicorn-62754.exe
1348	5e22edbfd1b0c2960451d65b278b7de0N.exe
2888	Unicorn-62754.exe
1348	5e22edbfd1b0c2960451d65b278b7de0N.exe
2888	Unicorn-62754.exe
2796	Unicorn-54238.exe
2888	Unicorn-62754.exe
1348	5e22edbfd1b0c2960451d65b278b7de0N.exe
2796	Unicorn-54238.exe
1348	5e22edbfd1b0c2960451d65b278b7de0N.exe
2232	Unicorn-4482.exe
2232	Unicorn-4482.exe
2952	Unicorn-5956.exe
2796	Unicorn-54238.exe
2952	Unicorn-5956.exe
2796	Unicorn-54238.exe
2368	Unicorn-37752.exe
2368	Unicorn-37752.exe
1348	5e22edbfd1b0c2960451d65b278b7de0N.exe
1348	5e22edbfd1b0c2960451d65b278b7de0N.exe
2888	Unicorn-62754.exe
2888	Unicorn-62754.exe
2744	Unicorn-58727.exe
2744	Unicorn-58727.exe
2232	Unicorn-4482.exe
2596	Unicorn-19369.exe
2232	Unicorn-4482.exe
2596	Unicorn-19369.exe
2656	Unicorn-49594.exe
2656	Unicorn-49594.exe
2952	Unicorn-5956.exe
2952	Unicorn-5956.exe
2760	Unicorn-13392.exe
2760	Unicorn-13392.exe
2796	Unicorn-54238.exe
2796	Unicorn-54238.exe
1348	5e22edbfd1b0c2960451d65b278b7de0N.exe
1348	5e22edbfd1b0c2960451d65b278b7de0N.exe
2432	Unicorn-62925.exe
2432	Unicorn-62925.exe
2368	Unicorn-37752.exe
2368	Unicorn-37752.exe
2888	Unicorn-62754.exe
2888	Unicorn-62754.exe
2596	Unicorn-19369.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2596	Unicorn-19369.exe
972	WerFault.exe
972	WerFault.exe
972	WerFault.exe
972	WerFault.exe
2744	Unicorn-58727.exe
1740	Unicorn-63190.exe
1984	Unicorn-57060.exe
2744	Unicorn-58727.exe
1740	Unicorn-63190.exe
1984	Unicorn-57060.exe
2780	Unicorn-43324.exe
2780	Unicorn-43324.exe

Program crash 49 IoCs

pid	pid_target	Process	procid_target
2240	2572	WerFault.exe	38
972	2856	WerFault.exe	43
2824	2368	WerFault.exe	35
2576	584	WerFault.exe	58
3064	2648	WerFault.exe	72
2412	2304	WerFault.exe	80
2452	2176	WerFault.exe	61
2440	2820	WerFault.exe	97
1056	2208	WerFault.exe	63
2416	1068	WerFault.exe	110
3488	2664	WerFault.exe	103
3468	1716	WerFault.exe	55
3816	1980	WerFault.exe	65
3900	1560	WerFault.exe	84
3928	660	WerFault.exe	62
3552	2852	WerFault.exe	71
3648	2084	WerFault.exe	76
3096	3044	WerFault.exe	108
3628	2404	WerFault.exe	92
4596	1744	WerFault.exe	95
4624	604	WerFault.exe	45
4640	2072	WerFault.exe	86
4648	2880	WerFault.exe	70
4656	960	WerFault.exe	52
4680	2920	WerFault.exe	90
4716	1192	WerFault.exe	112
4464	2268	WerFault.exe	50
4540	1388	WerFault.exe	79
4508	2952	WerFault.exe	33
4792	2756	WerFault.exe	100
4968	1740	WerFault.exe	41
4336	2708	WerFault.exe	99
4604	2432	WerFault.exe	39
5080	2256	WerFault.exe	96
5876	2584	WerFault.exe	101
5864	1376	WerFault.exe	57
5804	2244	WerFault.exe	111
5312	2840	WerFault.exe	104
5456	2888	WerFault.exe	29
5420	784	WerFault.exe	59
5368	3052	WerFault.exe	81
5264	2252	WerFault.exe	155
6056	2592	WerFault.exe	102
5444	1816	WerFault.exe	107
6132	2600	WerFault.exe	125
5476	1616	WerFault.exe	119
5532	2000	WerFault.exe	176
6208	2868	WerFault.exe	68
6892	924	WerFault.exe	89

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40232.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60175.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60282.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35759.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26485.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1348	5e22edbfd1b0c2960451d65b278b7de0N.exe
2888	Unicorn-62754.exe
2796	Unicorn-54238.exe
2232	Unicorn-4482.exe
2952	Unicorn-5956.exe
2744	Unicorn-58727.exe
2596	Unicorn-19369.exe
2368	Unicorn-37752.exe
2656	Unicorn-49594.exe
2760	Unicorn-13392.exe
2572	Unicorn-41426.exe
2432	Unicorn-62925.exe
1984	Unicorn-57060.exe
2780	Unicorn-43324.exe
1740	Unicorn-63190.exe
2856	Unicorn-9905.exe
976	Unicorn-63320.exe
604	Unicorn-3574.exe
1556	Unicorn-2827.exe
2268	Unicorn-30461.exe
2424	Unicorn-45898.exe
1376	Unicorn-18780.exe
960	Unicorn-15442.exe
2496	Unicorn-18514.exe
2492	Unicorn-64451.exe
1716	Unicorn-60175.exe
752	Unicorn-39392.exe
2132	Unicorn-31032.exe
784	Unicorn-9717.exe
584	Unicorn-15848.exe
1796	Unicorn-45889.exe
2176	Unicorn-27367.exe
660	Unicorn-22153.exe
2208	Unicorn-56724.exe
2236	Unicorn-4109.exe
1980	Unicorn-49226.exe
2868	Unicorn-25682.exe
2860	Unicorn-15467.exe
2752	Unicorn-21598.exe
2880	Unicorn-58661.exe
2852	Unicorn-17429.exe
2300	Unicorn-5946.exe
2148	Unicorn-28265.exe
2648	Unicorn-18199.exe
2084	Unicorn-40325.exe
1052	Unicorn-3014.exe
2304	Unicorn-59926.exe
3052	Unicorn-51831.exe
2188	Unicorn-58337.exe
1388	Unicorn-55915.exe
1560	Unicorn-3974.exe
2376	Unicorn-55021.exe
2028	Unicorn-6012.exe
908	Unicorn-35038.exe
2072	Unicorn-61151.exe
436	Unicorn-24203.exe
2920	Unicorn-64851.exe
924	Unicorn-28095.exe
1964	Unicorn-36817.exe
2288	Unicorn-46823.exe
2404	Unicorn-31638.exe
2560	Unicorn-39614.exe
1828	Unicorn-39636.exe
1744	Unicorn-15584.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 2888	1348	5e22edbfd1b0c2960451d65b278b7de0N.exe	29
PID 1348 wrote to memory of 2888	1348	5e22edbfd1b0c2960451d65b278b7de0N.exe	29
PID 1348 wrote to memory of 2888	1348	5e22edbfd1b0c2960451d65b278b7de0N.exe	29
PID 1348 wrote to memory of 2888	1348	5e22edbfd1b0c2960451d65b278b7de0N.exe	29
PID 2888 wrote to memory of 2232	2888	Unicorn-62754.exe	30
PID 2888 wrote to memory of 2232	2888	Unicorn-62754.exe	30
PID 2888 wrote to memory of 2232	2888	Unicorn-62754.exe	30
PID 2888 wrote to memory of 2232	2888	Unicorn-62754.exe	30
PID 1348 wrote to memory of 2796	1348	5e22edbfd1b0c2960451d65b278b7de0N.exe	31
PID 1348 wrote to memory of 2796	1348	5e22edbfd1b0c2960451d65b278b7de0N.exe	31
PID 1348 wrote to memory of 2796	1348	5e22edbfd1b0c2960451d65b278b7de0N.exe	31
PID 1348 wrote to memory of 2796	1348	5e22edbfd1b0c2960451d65b278b7de0N.exe	31
PID 2888 wrote to memory of 2744	2888	Unicorn-62754.exe	32
PID 2888 wrote to memory of 2744	2888	Unicorn-62754.exe	32
PID 2888 wrote to memory of 2744	2888	Unicorn-62754.exe	32
PID 2888 wrote to memory of 2744	2888	Unicorn-62754.exe	32
PID 2796 wrote to memory of 2952	2796	Unicorn-54238.exe	33
PID 2796 wrote to memory of 2952	2796	Unicorn-54238.exe	33
PID 2796 wrote to memory of 2952	2796	Unicorn-54238.exe	33
PID 2796 wrote to memory of 2952	2796	Unicorn-54238.exe	33
PID 1348 wrote to memory of 2596	1348	5e22edbfd1b0c2960451d65b278b7de0N.exe	34
PID 1348 wrote to memory of 2596	1348	5e22edbfd1b0c2960451d65b278b7de0N.exe	34
PID 1348 wrote to memory of 2596	1348	5e22edbfd1b0c2960451d65b278b7de0N.exe	34
PID 1348 wrote to memory of 2596	1348	5e22edbfd1b0c2960451d65b278b7de0N.exe	34
PID 2232 wrote to memory of 2368	2232	Unicorn-4482.exe	35
PID 2232 wrote to memory of 2368	2232	Unicorn-4482.exe	35
PID 2232 wrote to memory of 2368	2232	Unicorn-4482.exe	35
PID 2232 wrote to memory of 2368	2232	Unicorn-4482.exe	35
PID 2952 wrote to memory of 2656	2952	Unicorn-5956.exe	36
PID 2952 wrote to memory of 2656	2952	Unicorn-5956.exe	36
PID 2952 wrote to memory of 2656	2952	Unicorn-5956.exe	36
PID 2952 wrote to memory of 2656	2952	Unicorn-5956.exe	36
PID 2796 wrote to memory of 2760	2796	Unicorn-54238.exe	37
PID 2796 wrote to memory of 2760	2796	Unicorn-54238.exe	37
PID 2796 wrote to memory of 2760	2796	Unicorn-54238.exe	37
PID 2796 wrote to memory of 2760	2796	Unicorn-54238.exe	37
PID 2368 wrote to memory of 2572	2368	Unicorn-37752.exe	38
PID 2368 wrote to memory of 2572	2368	Unicorn-37752.exe	38
PID 2368 wrote to memory of 2572	2368	Unicorn-37752.exe	38
PID 2368 wrote to memory of 2572	2368	Unicorn-37752.exe	38
PID 1348 wrote to memory of 2432	1348	5e22edbfd1b0c2960451d65b278b7de0N.exe	39
PID 1348 wrote to memory of 2432	1348	5e22edbfd1b0c2960451d65b278b7de0N.exe	39
PID 1348 wrote to memory of 2432	1348	5e22edbfd1b0c2960451d65b278b7de0N.exe	39
PID 1348 wrote to memory of 2432	1348	5e22edbfd1b0c2960451d65b278b7de0N.exe	39
PID 2888 wrote to memory of 1984	2888	Unicorn-62754.exe	40
PID 2888 wrote to memory of 1984	2888	Unicorn-62754.exe	40
PID 2888 wrote to memory of 1984	2888	Unicorn-62754.exe	40
PID 2888 wrote to memory of 1984	2888	Unicorn-62754.exe	40
PID 2744 wrote to memory of 1740	2744	Unicorn-58727.exe	41
PID 2744 wrote to memory of 1740	2744	Unicorn-58727.exe	41
PID 2744 wrote to memory of 1740	2744	Unicorn-58727.exe	41
PID 2744 wrote to memory of 1740	2744	Unicorn-58727.exe	41
PID 2232 wrote to memory of 2780	2232	Unicorn-4482.exe	42
PID 2232 wrote to memory of 2780	2232	Unicorn-4482.exe	42
PID 2232 wrote to memory of 2780	2232	Unicorn-4482.exe	42
PID 2232 wrote to memory of 2780	2232	Unicorn-4482.exe	42
PID 2596 wrote to memory of 2856	2596	Unicorn-19369.exe	43
PID 2596 wrote to memory of 2856	2596	Unicorn-19369.exe	43
PID 2596 wrote to memory of 2856	2596	Unicorn-19369.exe	43
PID 2596 wrote to memory of 2856	2596	Unicorn-19369.exe	43
PID 2656 wrote to memory of 976	2656	Unicorn-49594.exe	44
PID 2656 wrote to memory of 976	2656	Unicorn-49594.exe	44
PID 2656 wrote to memory of 976	2656	Unicorn-49594.exe	44
PID 2656 wrote to memory of 976	2656	Unicorn-49594.exe	44

C:\Users\Admin\AppData\Local\Temp\5e22edbfd1b0c2960451d65b278b7de0N.exe
"C:\Users\Admin\AppData\Local\Temp\5e22edbfd1b0c2960451d65b278b7de0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4482.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37752.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41426.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15442.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13647.exe
        8⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
        8⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
        8⤵
        Program crash
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe
        7⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 244
        7⤵
        Program crash
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14171.exe
        6⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49856.exe
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
        7⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1265.exe
        7⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36869.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
        6⤵
        
        PID:3824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 224
        6⤵
        Program crash
        
        PID:4656
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
        5⤵
        Program crash
        
        PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15848.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 240
        6⤵
        Program crash
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25137.exe
        6⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13658.exe
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46515.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31843.exe
        7⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26983.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49667.exe
        7⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
        6⤵
        
        PID:1304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 244
        6⤵
        Program crash
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2478.exe
        5⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3440.exe
        6⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        6⤵
        
        PID:1236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 220
        6⤵
        Program crash
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
        5⤵
        
        PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20353.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4672.exe
        5⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        5⤵
        
        PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9717.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3014.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
        6⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24280.exe
        6⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26443.exe
        6⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        6⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3583.exe
        6⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11234.exe
        5⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40960.exe
        6⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34885.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32502.exe
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61129.exe
        6⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
        6⤵
        
        PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62520.exe
        5⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12555.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8540.exe
        5⤵
        
        PID:5096
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 228
        5⤵
        Program crash
        
        PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59926.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39766.exe
        5⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15126.exe
        6⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45577.exe
        7⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        6⤵
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50572.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        6⤵
        
        PID:4672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        6⤵
        Program crash
        
        PID:5804
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        5⤵
        Program crash
        
        PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
      4⤵
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34847.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-131.exe
        5⤵
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7330.exe
        5⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28862.exe
        5⤵
        
        PID:7016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
      4⤵
      PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51693.exe
      4⤵
      PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe
      4⤵
      PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1058.exe
      4⤵
      PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44666.exe
      4⤵
      PID:6120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58727.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63190.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24203.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58188.exe
        7⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        8⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4440.exe
        8⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4879.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15622.exe
        7⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24627.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
        7⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62827.exe
        6⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45826.exe
        7⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51747.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59945.exe
        6⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43714.exe
        6⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8092.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54888.exe
        6⤵
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
        6⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11347.exe
        7⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52101.exe
        6⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21983.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
        6⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2090.exe
        6⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
        6⤵
        
        PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12717.exe
        5⤵
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43881.exe
        5⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59915.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 248
        5⤵
        Program crash
        
        PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60175.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5946.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        6⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        7⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
        7⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9039.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14391.exe
        6⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61663.exe
        6⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
        6⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        6⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
        5⤵
        
        PID:1728
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        5⤵
        Program crash
        
        PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58337.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53746.exe
        5⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24414.exe
        6⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16135.exe
        6⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6552.exe
        6⤵
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30554.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        5⤵
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16115.exe
        5⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
        5⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62711.exe
        5⤵
        
        PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-101.exe
        5⤵
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
        5⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
        5⤵
        
        PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        5⤵
        
        PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61718.exe
      4⤵
      PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17196.exe
      4⤵
      PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
      4⤵
      PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49044.exe
      4⤵
      PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40466.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18199.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 244
        6⤵
        Program crash
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5650.exe
        5⤵
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        6⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13993.exe
        6⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4065.exe
        6⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58571.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56053.exe
        5⤵
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52074.exe
        5⤵
        
        PID:4480
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 248
        5⤵
        Program crash
        
        PID:5864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        5⤵
        
        PID:780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28494.exe
        5⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
        5⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34777.exe
        5⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
        5⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
        5⤵
        
        PID:6884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60610.exe
      4⤵
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
        5⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2582.exe
        5⤵
        
        PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31629.exe
      4⤵
      PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2546.exe
      4⤵
      PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60282.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2620.exe
      4⤵
      PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
      4⤵
      PID:6544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37384.exe
        5⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45686.exe
        6⤵
        
        PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26643.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42116.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6044
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 228
        5⤵
        Program crash
        
        PID:6208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14586.exe
      4⤵
      PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-299.exe
      4⤵
      PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27849.exe
      4⤵
      PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
      4⤵
      PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51092.exe
      4⤵
      PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45153.exe
      4⤵
      PID:6584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
      4⤵
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11608.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56873.exe
        5⤵
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe
        5⤵
        
        PID:4880
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 248
        5⤵
        Program crash
        
        PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38317.exe
      4⤵
      PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39298.exe
      4⤵
      PID:3708
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 248
      4⤵
      Program crash
      PID:4648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34452.exe
      4⤵
      PID:536
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 248
      4⤵
      Program crash
      PID:3488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
    3⤵
    PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14215.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14215.exe
    3⤵
    PID:3608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
    3⤵
    PID:3148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
    3⤵
    PID:4896
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 244
    3⤵
    - Program crash
    PID:5456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54238.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54238.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5956.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49594.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63320.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28095.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe
        8⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9937.exe
        8⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56166.exe
        8⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37709.exe
        8⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 248
        8⤵
        Program crash
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48753.exe
        7⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
        7⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29043.exe
        7⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        7⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50197.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31638.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
        7⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 216
        7⤵
        Program crash
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32343.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57450.exe
        6⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
        6⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
        6⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        6⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51831.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35869.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17756.exe
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35212.exe
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59348.exe
        8⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
        8⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40232.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
        7⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29266.exe
        7⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 224
        7⤵
        Program crash
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11234.exe
        6⤵
        
        PID:2328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 220
        6⤵
        Program crash
        
        PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        6⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51681.exe
        7⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43762.exe
        8⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
        8⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16000.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3590.exe
        8⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35017.exe
        7⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19601.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
        7⤵
        Program crash
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50570.exe
        6⤵
        
        PID:288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        6⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
        6⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        6⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3915.exe
        6⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17627.exe
        5⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
        6⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26109.exe
        6⤵
        
        PID:5300
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 248
        6⤵
        Program crash
        
        PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        5⤵
        
        PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19962.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47778.exe
        5⤵
        
        PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14177.exe
        5⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18811.exe
        5⤵
        
        PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
        6⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
        8⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        8⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47532.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 248
        7⤵
        Program crash
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56906.exe
        6⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
        6⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51349.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36312.exe
        7⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
        7⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
        7⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25101.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        6⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23001.exe
        6⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
        6⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
        5⤵
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37571.exe
        6⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        6⤵
        
        PID:3764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 240
        6⤵
        Program crash
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16256.exe
        5⤵
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43300.exe
        5⤵
        
        PID:3988
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 224
        5⤵
        Program crash
        
        PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15467.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36123.exe
        5⤵
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27731.exe
        5⤵
        
        PID:1788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32699.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23708.exe
        5⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61576.exe
        5⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29846.exe
        5⤵
        
        PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
      4⤵
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        5⤵
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22796.exe
        5⤵
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13173.exe
        5⤵
        
        PID:5608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 244
        5⤵
        Program crash
        
        PID:6132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43135.exe
      4⤵
      PID:700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30026.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20827.exe
        5⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48149.exe
        5⤵
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9930.exe
        5⤵
        
        PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10925.exe
      4⤵
      PID:3804
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 244
      4⤵
      Program crash
      PID:4508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13392.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2827.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22153.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43575.exe
        7⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
        7⤵
        Program crash
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        6⤵
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48753.exe
        6⤵
        
        PID:3916
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 236
        6⤵
        Program crash
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46097.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18677.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36312.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50505.exe
        7⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22375.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
        6⤵
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
        6⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
        6⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
        6⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28611.exe
        6⤵
        
        PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41311.exe
        5⤵
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
        6⤵
        
        PID:2116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
        6⤵
        Program crash
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
        5⤵
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63223.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30712.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
        5⤵
        
        PID:644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11894.exe
        5⤵
        
        PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56724.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50025.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
        6⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
        6⤵
        
        PID:4392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 244
        6⤵
        Program crash
        
        PID:5080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 248
        5⤵
        Program crash
        
        PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2820
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
        5⤵
        Program crash
        
        PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
      4⤵
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35212.exe
        5⤵
        
        PID:4560
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 220
        5⤵
        Program crash
        
        PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33508.exe
      4⤵
      PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
      4⤵
      PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29574.exe
      4⤵
      PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
      4⤵
      PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23331.exe
      4⤵
      PID:6904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55915.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43331.exe
        5⤵
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58119.exe
        6⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43339.exe
        6⤵
        
        PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36475.exe
        5⤵
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18008.exe
        5⤵
        
        PID:3692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 248
        5⤵
        Program crash
        
        PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44502.exe
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exe
        5⤵
        
        PID:5448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 220
        5⤵
        Program crash
        
        PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8109.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7537.exe
      4⤵
      PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14239.exe
      4⤵
      PID:5900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50975.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35759.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50048.exe
      4⤵
      PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
      4⤵
      PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61675.exe
      4⤵
      PID:5836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
    3⤵
    PID:1216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
    3⤵
    PID:3744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
    3⤵
    PID:3124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
    3⤵
    PID:4140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41291.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41291.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
    3⤵
    PID:6568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9905.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9905.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2856
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64451.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29813.exe
        5⤵
        
        PID:944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 248
        5⤵
        Program crash
        
        PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7835.exe
      4⤵
      PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
      4⤵
      PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13200.exe
      4⤵
      PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
      4⤵
      PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20648.exe
      4⤵
      PID:6700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38592.exe
        5⤵
        
        PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62516.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59508.exe
      4⤵
      PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
      4⤵
      PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28711.exe
      4⤵
      PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-874.exe
      4⤵
      PID:5484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62967.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-431.exe
    3⤵
    PID:3400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27728.exe
    3⤵
    PID:3800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37192.exe
    3⤵
    PID:4368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37472.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39392.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61151.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
        5⤵
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45184.exe
        6⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5692.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26119.exe
        6⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11445.exe
        6⤵
        
        PID:5348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 244
        6⤵
        Program crash
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        5⤵
        
        PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4044
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 248
        5⤵
        Program crash
        
        PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48681.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44146.exe
        5⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48980.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        5⤵
        
        PID:4924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6671.exe
        5⤵
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48707.exe
        5⤵
        
        PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29468.exe
      4⤵
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35758.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        5⤵
        
        PID:5468
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 220
        5⤵
        Program crash
        
        PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1691.exe
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47248.exe
      4⤵
      PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
      4⤵
      PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
      4⤵
      PID:5904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46823.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38168.exe
      4⤵
      PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13476.exe
      4⤵
      PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
      4⤵
      PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25426.exe
      4⤵
      PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1265.exe
      4⤵
      PID:5292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
    3⤵
    PID:1588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
    3⤵
    PID:3944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20885.exe
    3⤵
    PID:3548
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 248
    3⤵
    - Program crash
    PID:4604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30461.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30461.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10658.exe
      4⤵
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18067.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50591.exe
      4⤵
      PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61036.exe
      4⤵
      PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40428.exe
      4⤵
      PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
      4⤵
      PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
      4⤵
      PID:5240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
    3⤵
    PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
      4⤵
      PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18767.exe
      4⤵
      PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
      4⤵
      PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59531.exe
      4⤵
      PID:6172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50211.exe
    3⤵
    PID:2948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17316.exe
    3⤵
    PID:3576
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 244
    3⤵
    - Program crash
    PID:4464
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17429.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17429.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
      4⤵
      PID:840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
      4⤵
      PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
      4⤵
      PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54358.exe
      4⤵
      PID:6008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
    3⤵
    PID:1840
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
    3⤵
    - Program crash
    PID:3552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2926.exe
    3⤵
    PID:3012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
    3⤵
    PID:3360
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
    3⤵
    - Program crash
    PID:4596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59554.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59554.exe
  2⤵
  PID:3624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
  2⤵
  PID:4512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31492.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31492.exe
  2⤵
  PID:4440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30359.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30359.exe
  2⤵
  PID:6020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17429.exe

Filesize
468KB

MD5
a030f5683bf4375b6a308f377b115948

SHA1
1f93237a1b28463337bb0e83a5a51a9264fa4c9f

SHA256
1baf2e0cf3a621917334b1edb5c6999079b2c601780a89e4861ed17628dbfacc

SHA512
3ef1bc7cc21d1ba760e1e52af99fb94cf1bbec836443c9d02bbe3589c8c54acd5ed21f172a50e9a0834adbf523d17d3e77cf3e93ade07e2f908e909ff726e846

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe

Filesize
468KB

MD5
a59c4fe58a7fe367fbc160b61a1ebb25

SHA1
aa886ec80aa0565d01281e4086694888a416b86f

SHA256
d0c24ab2f3734180b32e382e725a3125a68fc95bc178da663953c7e2e832e270

SHA512
3a43ffc9810437b3c2923ce374d147c3825bbc61612416ef5c99daf46fa02e33c2f33c0d033cc65ed50a57ecb672d39de83366aa97cfb9d0f2a08bb4c95f3202

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2478.exe

Filesize
468KB

MD5
86fc3e6a39e791fe73abf6293dffe743

SHA1
71f9fab1fbb4211102a441aeff0e0aaeb9dae504

SHA256
674dfeefc5c998798a5c66c3be9d239f2338a8d459869020df752e3e2b3465d0

SHA512
885b5de80dbaff271c894966b17ea453cff81dd7e924b36192625d97c550bfbe72ec0c86ec88499e058c4971a7229acc302e4fc42dd811d63f221ec5f99346e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe

Filesize
468KB

MD5
8b9dedae5530fe99adfc072415ef8550

SHA1
292802a7bd1f6e2f2e3d691350c8e66256f5e8fc

SHA256
408be302251ea9f7c86a10da1acb80554c4c629e13d53ec531331369e5c7a62b

SHA512
1bc331b8a7240512a09f0826089167d63dc9a20653425cfcc48d28cb762a0194f30d10e2b9b37ff8601d312432a05314f56c02f85f2a8b0e25b4834ce87dea16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe

Filesize
468KB

MD5
82b47ca7403bdefb87653da43c161850

SHA1
0639946b0036c6101d344e773589b29f665d0208

SHA256
6f1467bbfe815ee205c9986e85f8b8374a3e52fdcf004660b5f9f1a88e707b37

SHA512
a6df4e6746bd0370daaaf81256c9a04a6c04ac9dd91d3dad7d2411e2c22a3cab18a162fc0d62ac9c84b9425c7960f42b0961ac7d6cb4212efdfe7ea5a8235365

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe

Filesize
468KB

MD5
f7b8f40405b2dde2ae6929a277b18c88

SHA1
35700c4ca041daa8e418764ca76a1b17376a494f

SHA256
18e3bc7ce3fdf48b71a4a87e885e2cbeb35834111deafb90572cd3213b7158b3

SHA512
e6418e8916a1a2b713c15069c7195bd0da4c0824efe978a0a40856329b129f9f64f28b71b729bd816bb95f780d2195d4016e7f2cd27dc7824af2bfa0eca91e8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5956.exe

Filesize
468KB

MD5
fc75d2298c16e03ce89d0904308890f5

SHA1
8f58397a7195701479378e09ce1f627adef45821

SHA256
edb0e33b03d2b3ca1d73ae0d22d892b0ab8a8d6e7204cd18cd176b0122c6bc0b

SHA512
3913b47cf9829ffc76641bc80452673f62c6a537a6b250b3889b32134a59b64f2d88ff814e543198e353d1e5fdd3df486735af93ba05d1349e1cca4a4e45ef6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63190.exe

Filesize
468KB

MD5
89c3f926be165a30f0fd3e0d95eadfc9

SHA1
07a9a156eb3d5c07d7b3b02fb038c2afc99c0c31

SHA256
3ff800bacf2d2e5de8ce9cf5508709907d754ad687e388f68c4dd0a95b7502ec

SHA512
ca6da5c348d61fa477173c4b2317c737bd67054468b2de08c8a66a1f5cce12a8c66b594fb977c996c22c57377afd6b43af63f250ec7c83f46484fac0c0a3e9ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13392.exe

Filesize
468KB

MD5
bbb3b4b63a5b04668f43a3bab76073f6

SHA1
cd9baf3bec25fc9b849f961beab7657b0ddaae9d

SHA256
cf841525889388debf026235a4c6e4557aeb1fe2c29f7036e000df012b5f9215

SHA512
cb044540b43a4374ab420130de3fd914974874f63ce028da609843bd990a51c03217fad8af894a0e725781e7a92c6c4d1d0d3dcefd3b002d08352acb5e18e0f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2827.exe

Filesize
468KB

MD5
881c122c07d6fb4721e5fb5fcee4f712

SHA1
5182d825d100433429907edcaf32c2d8c7dab4ae

SHA256
4bf136ce5ed078c659ef7099dc9d0275a46276c693e0fb374a6007ffd2ae7f91

SHA512
fe7e347ed068c83462afa63716ca931cdcf75bcb82626847b77ddab31df00f4b12899473138e21860c6816bd08dc4a3fa03501a30b3c15c758f9d74d8dc90b86

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe

Filesize
468KB

MD5
e61cedfade694e0065bb465d75cb19aa

SHA1
3c6b1e3255c96242a4c874040afeb70af0ec7257

SHA256
f74e0787e1fad65ee8ecf4a4bd0c1dc01f9e0773bf7e72c62d93aebead5f056a

SHA512
f313479eb0907eba3641beab3a0f795c88558a2991d5266ccd9f6fcdbaba894e3ea4d525dd1c20ae77eae8a3a2421b52f39038753708a559d96fdfcea4c689a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37752.exe

Filesize
468KB

MD5
be7fa94446e69b3fed2794d9e07f3d1f

SHA1
d7f8b58d7d0902755669bb78150994a3f5688a77

SHA256
9a48571dcf7be26c433f9f89f5d40f3438eed02b4bfebebccf338bc7f177733b

SHA512
7d232556274150ec40632f476bb6a3e506c5e0c3b3a6bb00218349d33428c590834956bc9381a1b4d4181f6dfc2dcb25fe7d5ebd28f8455bb725b9874abbc4ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41426.exe

Filesize
468KB

MD5
63d2b01a980a0b6eefefadf08ef4199e

SHA1
76cc006491f9adb2438d30af8f165cdba25276fb

SHA256
375b77d7713d92e253e3ddc4f1f4da7ea291a60c6f839f061417a29e5483e33a

SHA512
1735f8995a5dc8abd68fe21d38521219b1a4a4b63d6b630648334ec96fced6b35870e96e043401b21040d839720c277a59500bdb6705bcb4e9e5efae2966cd44

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4482.exe

Filesize
468KB

MD5
523be45b1a0097613b70d3132c8fc643

SHA1
0d5cfba20269f105dd4501ad166a1f04556203c5

SHA256
253fec4b0b1b28f4397d7c363d7c7ea8765f36973efff101fbe173a64630efdf

SHA512
6a5cc9d6279c9fc63308898bc7dc31a795420706f22a91bb500c7783847adef5e5df992c90011949afc6085d772e64e8fc22deaec8d67401ccde6c1b903d5b30

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe

Filesize
468KB

MD5
07463f66a1b7c1aa257c19223cae0546

SHA1
fa01eff1a884b12b2eabbeab3f01264f121b6080

SHA256
ececa3537619a8039d481963444f3011ab58207311b0aa2684205fe2ec3c3a46

SHA512
ab0e6caa7abcf7318a98852b4b51d58bc5dc2410a95538bd68692f3adfdbda0cd61d0680aca63599bc63a5a47b0a375f5b7a4502a81f655679d7ce4fa75d133c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49594.exe

Filesize
468KB

MD5
18b47bf562b32a660999f012f4afefa2

SHA1
fe4cff757ae6e4722c5dbdcc6be71a00f4bc2da3

SHA256
23b4ccfd0ca74684d19e7b28a41c4e0b0d61679b6c77934e6cb8ef523275ae3b

SHA512
e7fdab2fd214cd6ef56c0192831b173d20ca28db6114ea5e446c842f3cf381cbf2f67ca772b9bf09b96544a8eb4d668db5e537e01e6609b5788843772ebbeb2c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54238.exe

Filesize
468KB

MD5
c37555fae97a385cc24ffb43e9f3926c

SHA1
cc4d3e6c2dcf4d051b2e9475f3cd1c60f7fd194a

SHA256
e6e14e0c97b47046588812d46b97b96dcba10ea8473d46f6b58345224eb7bb4e

SHA512
4fae71a2d810f20b0ec8bf1f4b26fc3c9cf6998442b735f011a49c9db5903c288cea6f7c4724bb1fdc142f860180339974784643d9761113fb7eb27f89863e65

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe

Filesize
468KB

MD5
e18dc5ad7c870788ba9ee7e8814cdad3

SHA1
9cf66ceaba3720fb0320d07b070f3bd3d9c537dc

SHA256
b0e2810d3f1d24e4586c3486bf0e8a06249c7ae6b8f9a10390dc733ef3c998bc

SHA512
e414cc3eb586c42ae814b4b0e66241a561e59d9d73332ef685679be4acb2fa6084e83c51404f0a32eab9e38d82e8cde9d36c054114bebc9b47ddb78f43768035

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58727.exe

Filesize
468KB

MD5
e64c8ccb5cd5921730bb8c1ef28b54a2

SHA1
30961df24f9af4a4cb462f266b7d6241a006cbab

SHA256
57b3f34815180ca573ed3356a5673a4c862519b3f9da807c6fb515ddd130b30f

SHA512
cfb8e2ca4454665e47c9dd7c9e6913fe51ebeafb523c3d48b19d10784dbb5e2668f8d70ccc236bb026d38d7b707c477a112048dc5e4982eee41db514e34cce72

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe

Filesize
468KB

MD5
c63ad81da4f7ec0210eac2653b8b309b

SHA1
d6e4ddc5b78609a0581d97619c249e826c74bdc6

SHA256
9ab6bf052475001ebfbff9888915a59dadfaae578d3e28b5b61658b1feeef270

SHA512
3b6a8ce441ed61b14bfa517ac9cf985ae7137292c09120677b84c2a6b3e56fef5a8e7976720c106c5cee5641651ed32054d93590c84f0198024cbfcabc302f20

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe

Filesize
468KB

MD5
78a6bf12f17fd7d51008767cef23ac9b

SHA1
134adfea1acea165c834fbf13a01b6f93bae55c9

SHA256
e478d7e83887552e200c1fee713faca0c860bee7935b1ea8015bdcd2b81dca06

SHA512
ce152595ca5fad08dd5866f56671415ab5488e3b319ee3984665068490bcc4ac848c82529eac0cd408305460d7a0aa1f25c9e32f653dc6b99df68aca8253d7dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63320.exe

Filesize
468KB

MD5
3582d1f929be2ed3ed62dbee460bfc47

SHA1
0001a85b9526bb16ccea4992708e86b7428820aa

SHA256
744ab92ce7bb40b050fd50135df4c5d3f81c9493c77951784696863e99c4cc59

SHA512
8beb070c20a7a500c7dbda8bec9afd2ef57c8dfccf5417c2166d45645bf5e4e428b1142f17965ec6fca37cd9930d8a4d55989ebbe0cde0e5aaae7b474ca90ddb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9905.exe

Filesize
468KB

MD5
1e06e22cf3d4d17cf40f9c6d962fd7ad

SHA1
2bc7b05d32fd436f0ab788176ab31ea931a1a221

SHA256
cdc8941508c5936e63b31c9080238d278f8489bc72130a84ac8237bba1a62ba0

SHA512
50cabcc7132bedb4df561a4a91a998709fb0866a1bc5482c91863680dfb4e8311c7b5056b6701c8019bebc3ddbbfd8ed33bd8ccb6828d7e5309f169f3ea40d82

Download Submit