74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18/09/2024, 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe
Size

184KB
MD5

e0c376d1ee4b2d16b90e1ee104775650
SHA1

b756f24b412bdcd6a30f3e0b174ce4599c62a3b9
SHA256

74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108
SHA512

e4d2114330069c7825198ade42970bc97d29f9b03600830953250512a3f842a72879564a6a5d86f4e8e5fe8f787d6585b38e5c04594392e5d9af2e321243a240
SSDEEP

3072:ZYqbZxo3nL0Vd+TWeGUjRr3xulnniFOnf:ZYKo4z+TRjh3xulnniFO

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2016	Unicorn-44708.exe
1988	Unicorn-24371.exe
2920	Unicorn-39315.exe
2760	Unicorn-22316.exe
2832	Unicorn-2450.exe
2768	Unicorn-57126.exe
2312	Unicorn-11215.exe
2336	Unicorn-26160.exe
2980	Unicorn-64308.exe
1908	Unicorn-46026.exe
1216	Unicorn-44443.exe
984	Unicorn-60367.exe
1556	Unicorn-56283.exe
1812	Unicorn-25557.exe
1840	Unicorn-5691.exe
2588	Unicorn-36439.exe
1724	Unicorn-51384.exe
1704	Unicorn-50891.exe
1468	Unicorn-5219.exe
892	Unicorn-35946.exe
2452	Unicorn-35130.exe
2456	Unicorn-24270.exe
2384	Unicorn-8488.exe
1916	Unicorn-46828.exe
2392	Unicorn-50912.exe
1684	Unicorn-50912.exe
880	Unicorn-320.exe
2356	Unicorn-63740.exe
3032	Unicorn-2287.exe
2244	Unicorn-47959.exe
3044	Unicorn-29506.exe
2968	Unicorn-28114.exe
2500	Unicorn-39812.exe
2604	Unicorn-11778.exe
2728	Unicorn-35728.exe
2856	Unicorn-23284.exe
2708	Unicorn-3418.exe
1372	Unicorn-27368.exe
2864	Unicorn-62178.exe
2504	Unicorn-60787.exe
2972	Unicorn-15115.exe
2896	Unicorn-30060.exe
3028	Unicorn-49926.exe
3064	Unicorn-39895.exe
2564	Unicorn-54840.exe
2528	Unicorn-31727.exe
2400	Unicorn-50756.exe
3036	Unicorn-62453.exe
1968	Unicorn-15390.exe
2308	Unicorn-30335.exe
1512	Unicorn-54285.exe
2468	Unicorn-45925.exe
2472	Unicorn-17891.exe
832	Unicorn-39703.exe
1792	Unicorn-808.exe
2836	Unicorn-808.exe
2656	Unicorn-3501.exe
2652	Unicorn-27451.exe
2936	Unicorn-62261.exe
1644	Unicorn-62261.exe
1628	Unicorn-62261.exe
608	Unicorn-15198.exe
2848	Unicorn-64954.exe
2984	Unicorn-64954.exe

Loads dropped DLL 64 IoCs

pid	Process
2536	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe
2536	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe
2016	Unicorn-44708.exe
2016	Unicorn-44708.exe
2536	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe
2536	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe
2016	Unicorn-44708.exe
1988	Unicorn-24371.exe
2016	Unicorn-44708.exe
1988	Unicorn-24371.exe
2920	Unicorn-39315.exe
2920	Unicorn-39315.exe
2608	WerFault.exe
2608	WerFault.exe
2608	WerFault.exe
2608	WerFault.exe
2608	WerFault.exe
2760	Unicorn-22316.exe
2760	Unicorn-22316.exe
1988	Unicorn-24371.exe
1988	Unicorn-24371.exe
2832	Unicorn-2450.exe
2832	Unicorn-2450.exe
2920	Unicorn-39315.exe
2768	Unicorn-57126.exe
2920	Unicorn-39315.exe
2768	Unicorn-57126.exe
2880	WerFault.exe
2880	WerFault.exe
2880	WerFault.exe
2880	WerFault.exe
2880	WerFault.exe
2192	WerFault.exe
2192	WerFault.exe
2192	WerFault.exe
2192	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2192	WerFault.exe
2240	WerFault.exe
2336	Unicorn-26160.exe
2336	Unicorn-26160.exe
1908	Unicorn-46026.exe
1908	Unicorn-46026.exe
1216	Unicorn-44443.exe
1216	Unicorn-44443.exe
2832	Unicorn-2450.exe
2832	Unicorn-2450.exe
2312	Unicorn-11215.exe
2312	Unicorn-11215.exe
2760	Unicorn-22316.exe
2760	Unicorn-22316.exe
788	WerFault.exe
788	WerFault.exe
788	WerFault.exe
788	WerFault.exe
1536	WerFault.exe
1536	WerFault.exe
1536	WerFault.exe
1536	WerFault.exe
788	WerFault.exe
1536	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2748	2536	WerFault.exe	29
2608	2016	WerFault.exe	30
2880	2980	WerFault.exe	41
2192	1988	WerFault.exe	31
2240	2920	WerFault.exe	32
1536	2760	WerFault.exe	35
788	2832	WerFault.exe	34
1520	2336	WerFault.exe	39
1652	1908	WerFault.exe	40
2008	1216	WerFault.exe	42
2892	2312	WerFault.exe	38
568	2768	WerFault.exe	36
1420	984	WerFault.exe	47
448	1556	WerFault.exe	48
2012	1812	WerFault.exe	49
1992	1840	WerFault.exe	50
592	2588	WerFault.exe	51
1072	1724	WerFault.exe	52
1440	1704	WerFault.exe	55
1116	1468	WerFault.exe	56
376	892	WerFault.exe	57
2212	2456	WerFault.exe	59
2216	2452	WerFault.exe	58
2448	1916	WerFault.exe	61
2380	2384	WerFault.exe	60
2924	2392	WerFault.exe	62
2292	880	WerFault.exe	64
2844	1684	WerFault.exe	63
1140	2356	WerFault.exe	68
780	3032	WerFault.exe	70
1772	2244	WerFault.exe	69
1516	3044	WerFault.exe	72
3124	2968	WerFault.exe	73
3160	2500	WerFault.exe	74
3264	2604	WerFault.exe	75
3296	2972	WerFault.exe	82
3288	2504	WerFault.exe	81
3420	2728	WerFault.exe	76
3412	2856	WerFault.exe	77
3428	2896	WerFault.exe	83
3436	1372	WerFault.exe	79
3444	3028	WerFault.exe	84
3452	2864	WerFault.exe	80
3540	2708	WerFault.exe	78
3856	3064	WerFault.exe	88
3860	2564	WerFault.exe	90
3956	2528	WerFault.exe	92
3336	2308	WerFault.exe	98
3392	3036	WerFault.exe	96
3984	2468	WerFault.exe	100
3980	1512	WerFault.exe	99
4048	1968	WerFault.exe	97
3200	2400	WerFault.exe	95
3532	608	WerFault.exe	110
3548	1644	WerFault.exe	107
3748	1792	WerFault.exe	104
3908	2472	WerFault.exe	101
4304	1628	WerFault.exe	108
4344	2656	WerFault.exe	105
4428	2936	WerFault.exe	109
4748	1212	WerFault.exe	129
4900	2984	WerFault.exe	113
4928	2848	WerFault.exe	111
4944	2952	WerFault.exe	112

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41421.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18178.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24270.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28650.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64586.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31110.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15323.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64954.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21992.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21188.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58006.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2536	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe
2016	Unicorn-44708.exe
1988	Unicorn-24371.exe
2920	Unicorn-39315.exe
2832	Unicorn-2450.exe
2760	Unicorn-22316.exe
2768	Unicorn-57126.exe
2336	Unicorn-26160.exe
2312	Unicorn-11215.exe
1216	Unicorn-44443.exe
1908	Unicorn-46026.exe
2980	Unicorn-64308.exe
984	Unicorn-60367.exe
1556	Unicorn-56283.exe
1812	Unicorn-25557.exe
1840	Unicorn-5691.exe
2588	Unicorn-36439.exe
1724	Unicorn-51384.exe
1704	Unicorn-50891.exe
1468	Unicorn-5219.exe
892	Unicorn-35946.exe
2452	Unicorn-35130.exe
2456	Unicorn-24270.exe
2384	Unicorn-8488.exe
1916	Unicorn-46828.exe
2392	Unicorn-50912.exe
1684	Unicorn-50912.exe
880	Unicorn-320.exe
2356	Unicorn-63740.exe
2244	Unicorn-47959.exe
3032	Unicorn-2287.exe
3044	Unicorn-29506.exe
2968	Unicorn-28114.exe
2500	Unicorn-39812.exe
2604	Unicorn-11778.exe
2728	Unicorn-35728.exe
2856	Unicorn-23284.exe
2708	Unicorn-3418.exe
1372	Unicorn-27368.exe
2504	Unicorn-60787.exe
2864	Unicorn-62178.exe
2972	Unicorn-15115.exe
3028	Unicorn-49926.exe
2896	Unicorn-30060.exe
3064	Unicorn-39895.exe
2564	Unicorn-54840.exe
2528	Unicorn-31727.exe
2400	Unicorn-50756.exe
2308	Unicorn-30335.exe
3036	Unicorn-62453.exe
1968	Unicorn-15390.exe
1512	Unicorn-54285.exe
2468	Unicorn-45925.exe
2472	Unicorn-17891.exe
832	Unicorn-39703.exe
1792	Unicorn-808.exe
2836	Unicorn-808.exe
2656	Unicorn-3501.exe
1644	Unicorn-62261.exe
2652	Unicorn-27451.exe
2936	Unicorn-62261.exe
608	Unicorn-15198.exe
1628	Unicorn-62261.exe
2848	Unicorn-64954.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2016	2536	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe	30
PID 2536 wrote to memory of 2016	2536	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe	30
PID 2536 wrote to memory of 2016	2536	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe	30
PID 2536 wrote to memory of 2016	2536	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe	30
PID 2016 wrote to memory of 1988	2016	Unicorn-44708.exe	31
PID 2016 wrote to memory of 1988	2016	Unicorn-44708.exe	31
PID 2016 wrote to memory of 1988	2016	Unicorn-44708.exe	31
PID 2016 wrote to memory of 1988	2016	Unicorn-44708.exe	31
PID 2536 wrote to memory of 2920	2536	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe	32
PID 2536 wrote to memory of 2920	2536	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe	32
PID 2536 wrote to memory of 2920	2536	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe	32
PID 2536 wrote to memory of 2920	2536	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe	32
PID 2536 wrote to memory of 2748	2536	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe	33
PID 2536 wrote to memory of 2748	2536	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe	33
PID 2536 wrote to memory of 2748	2536	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe	33
PID 2536 wrote to memory of 2748	2536	74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe	33
PID 2016 wrote to memory of 2832	2016	Unicorn-44708.exe	34
PID 2016 wrote to memory of 2832	2016	Unicorn-44708.exe	34
PID 2016 wrote to memory of 2832	2016	Unicorn-44708.exe	34
PID 2016 wrote to memory of 2832	2016	Unicorn-44708.exe	34
PID 1988 wrote to memory of 2760	1988	Unicorn-24371.exe	35
PID 1988 wrote to memory of 2760	1988	Unicorn-24371.exe	35
PID 1988 wrote to memory of 2760	1988	Unicorn-24371.exe	35
PID 1988 wrote to memory of 2760	1988	Unicorn-24371.exe	35
PID 2920 wrote to memory of 2768	2920	Unicorn-39315.exe	36
PID 2920 wrote to memory of 2768	2920	Unicorn-39315.exe	36
PID 2920 wrote to memory of 2768	2920	Unicorn-39315.exe	36
PID 2920 wrote to memory of 2768	2920	Unicorn-39315.exe	36
PID 2016 wrote to memory of 2608	2016	Unicorn-44708.exe	37
PID 2016 wrote to memory of 2608	2016	Unicorn-44708.exe	37
PID 2016 wrote to memory of 2608	2016	Unicorn-44708.exe	37
PID 2016 wrote to memory of 2608	2016	Unicorn-44708.exe	37
PID 2760 wrote to memory of 2312	2760	Unicorn-22316.exe	38
PID 2760 wrote to memory of 2312	2760	Unicorn-22316.exe	38
PID 2760 wrote to memory of 2312	2760	Unicorn-22316.exe	38
PID 2760 wrote to memory of 2312	2760	Unicorn-22316.exe	38
PID 1988 wrote to memory of 2336	1988	Unicorn-24371.exe	39
PID 1988 wrote to memory of 2336	1988	Unicorn-24371.exe	39
PID 1988 wrote to memory of 2336	1988	Unicorn-24371.exe	39
PID 1988 wrote to memory of 2336	1988	Unicorn-24371.exe	39
PID 2832 wrote to memory of 1908	2832	Unicorn-2450.exe	40
PID 2832 wrote to memory of 1908	2832	Unicorn-2450.exe	40
PID 2832 wrote to memory of 1908	2832	Unicorn-2450.exe	40
PID 2832 wrote to memory of 1908	2832	Unicorn-2450.exe	40
PID 2920 wrote to memory of 1216	2920	Unicorn-39315.exe	42
PID 2920 wrote to memory of 1216	2920	Unicorn-39315.exe	42
PID 2920 wrote to memory of 1216	2920	Unicorn-39315.exe	42
PID 2920 wrote to memory of 1216	2920	Unicorn-39315.exe	42
PID 2768 wrote to memory of 2980	2768	Unicorn-57126.exe	41
PID 2768 wrote to memory of 2980	2768	Unicorn-57126.exe	41
PID 2768 wrote to memory of 2980	2768	Unicorn-57126.exe	41
PID 2768 wrote to memory of 2980	2768	Unicorn-57126.exe	41
PID 2980 wrote to memory of 2880	2980	Unicorn-64308.exe	43
PID 2980 wrote to memory of 2880	2980	Unicorn-64308.exe	43
PID 2980 wrote to memory of 2880	2980	Unicorn-64308.exe	43
PID 2980 wrote to memory of 2880	2980	Unicorn-64308.exe	43
PID 1988 wrote to memory of 2192	1988	Unicorn-24371.exe	45
PID 1988 wrote to memory of 2192	1988	Unicorn-24371.exe	45
PID 1988 wrote to memory of 2192	1988	Unicorn-24371.exe	45
PID 1988 wrote to memory of 2192	1988	Unicorn-24371.exe	45
PID 2920 wrote to memory of 2240	2920	Unicorn-39315.exe	46
PID 2920 wrote to memory of 2240	2920	Unicorn-39315.exe	46
PID 2920 wrote to memory of 2240	2920	Unicorn-39315.exe	46
PID 2920 wrote to memory of 2240	2920	Unicorn-39315.exe	46

C:\Users\Admin\AppData\Local\Temp\74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe
"C:\Users\Admin\AppData\Local\Temp\74c4ded6e6adeeb3ca5379dfacb2d5fb670a68df2111e8a255cb9f0df3d74108N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24371.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36439.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50912.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62178.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17804.exe
        10⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26595.exe
        11⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27638.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11488.exe
        13⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        14⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
        14⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
        13⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
        12⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 216
        11⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 236
        10⤵
        Program crash
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2022.exe
        9⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32625.exe
        10⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21992.exe
        11⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41421.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
        13⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
        13⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
        12⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        11⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 236
        10⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
        9⤵
        Program crash
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44446.exe
        9⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        10⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42604.exe
        11⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57565.exe
        12⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        13⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 236
        13⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        12⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        11⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 216
        10⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39401.exe
        9⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36190.exe
        10⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16725.exe
        11⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5230.exe
        12⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
        12⤵
        
        PID:11500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
        11⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        10⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 220
        9⤵
        Program crash
        
        PID:4944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 220
        8⤵
        Program crash
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60787.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64394.exe
        10⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54000.exe
        11⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        13⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 216
        12⤵
        
        PID:10960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        11⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 236
        10⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
        9⤵
        Program crash
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63475.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55183.exe
        9⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36382.exe
        10⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
        11⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
        12⤵
        
        PID:10340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
        12⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
        11⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        10⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 236
        9⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 220
        8⤵
        Program crash
        
        PID:3288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
        7⤵
        Program crash
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-808.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
        9⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
        10⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21992.exe
        11⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33061.exe
        12⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36315.exe
        13⤵
        
        PID:11176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
        13⤵
        
        PID:11336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
        12⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        11⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 216
        10⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
        9⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
        10⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
        11⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18858.exe
        12⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
        13⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
        12⤵
        
        PID:9740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
        11⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
        10⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
        9⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45001.exe
        8⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42931.exe
        9⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31722.exe
        10⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
        10⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16103.exe
        12⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
        11⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 240
        10⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 216
        9⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
        8⤵
        Program crash
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3501.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15858.exe
        8⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34571.exe
        9⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42604.exe
        10⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
        11⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63258.exe
        12⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
        12⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
        11⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
        10⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
        9⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14705.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
        9⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18178.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42179.exe
        11⤵
        
        PID:10836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
        11⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 220
        10⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
        9⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        8⤵
        Program crash
        
        PID:4344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
        7⤵
        Program crash
        
        PID:2292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
        6⤵
        Program crash
        
        PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51384.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50912.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34332.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16289.exe
        10⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31722.exe
        11⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6802.exe
        12⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16388.exe
        13⤵
        
        PID:10488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 216
        13⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
        12⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        11⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
        10⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53792.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40082.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        11⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56185.exe
        12⤵
        
        PID:10756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
        12⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
        11⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
        10⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 220
        9⤵
        Program crash
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40916.exe
        8⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        9⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21992.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63979.exe
        11⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28256.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 216
        12⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
        11⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        10⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 216
        9⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 220
        8⤵
        Program crash
        
        PID:3444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
        7⤵
        Program crash
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30060.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60782.exe
        8⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        9⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13439.exe
        10⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63854.exe
        10⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56662.exe
        11⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17473.exe
        12⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        11⤵
        
        PID:9756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 240
        10⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 216
        9⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35317.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-995.exe
        9⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10694.exe
        10⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:10912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7408 -s 216
        11⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 220
        10⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
        9⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 220
        8⤵
        Program crash
        
        PID:4428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
        7⤵
        Program crash
        
        PID:3428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
        6⤵
        Program crash
        
        PID:1072
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26160.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60367.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5219.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5167.exe
        9⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38956.exe
        10⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5188.exe
        11⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17052.exe
        12⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1021.exe
        13⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12485.exe
        14⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
        13⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 216
        12⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        11⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20133.exe
        10⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18998.exe
        11⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21188.exe
        12⤵
        
        PID:9456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
        12⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 236
        11⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        10⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        9⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
        10⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4799.exe
        11⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62303.exe
        12⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 216
        12⤵
        
        PID:10784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
        11⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
        10⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
        9⤵
        Program crash
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38394.exe
        8⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe
        9⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34161.exe
        10⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36102.exe
        11⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49475.exe
        12⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        13⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
        12⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
        11⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
        10⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 236
        9⤵
        Program crash
        
        PID:4748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
        8⤵
        Program crash
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50756.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31618.exe
        8⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22620.exe
        9⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5188.exe
        10⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37472.exe
        11⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
        13⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
        12⤵
        
        PID:10060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
        11⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
        10⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48722.exe
        9⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
        10⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21188.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
        12⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 216
        11⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
        10⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        9⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41648.exe
        8⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        9⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
        10⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4701.exe
        12⤵
        
        PID:12676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 236
        11⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
        10⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
        9⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
        8⤵
        Program crash
        
        PID:3200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 240
        7⤵
        Program crash
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62453.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23450.exe
        8⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        9⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
        10⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52630.exe
        11⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41089.exe
        12⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
        12⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
        11⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
        10⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14295.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18339.exe
        11⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
        11⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 236
        10⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        9⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        8⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8696.exe
        9⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29605.exe
        10⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18858.exe
        11⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        12⤵
        
        PID:12568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
        11⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        10⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
        9⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
        8⤵
        Program crash
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13890.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        8⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16516.exe
        9⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
        10⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41224.exe
        11⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
        11⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 236
        10⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        9⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20517.exe
        8⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2853.exe
        9⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
        10⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        11⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 216
        10⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
        9⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
        8⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        7⤵
        Program crash
        
        PID:1772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 240
        6⤵
        Program crash
        
        PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50891.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39895.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
        8⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4337.exe
        9⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4228.exe
        10⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59708.exe
        11⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
        12⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25921.exe
        13⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
        13⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
        12⤵
        
        PID:9612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        11⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 236
        10⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
        9⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24213.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39034.exe
        11⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
        12⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
        12⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 236
        11⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
        10⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59932.exe
        12⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
        11⤵
        
        PID:9440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 240
        10⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 240
        9⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        8⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30871.exe
        9⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
        10⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61924.exe
        11⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 220
        12⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
        11⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        10⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
        9⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 220
        8⤵
        Program crash
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30418.exe
        7⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35064.exe
        8⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
        9⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
        10⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59594.exe
        11⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23316.exe
        12⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 220
        12⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
        11⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        10⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 216
        9⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15089.exe
        8⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exe
        9⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        11⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
        11⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
        10⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
        9⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
        8⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
        7⤵
        Program crash
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54840.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63605.exe
        7⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18536.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32817.exe
        9⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4176.exe
        10⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
        11⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        12⤵
        
        PID:12128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
        11⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        10⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
        9⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3413.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55707.exe
        9⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59740.exe
        11⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 236
        10⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
        9⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
        8⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64207.exe
        7⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57513.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        9⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3377.exe
        10⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11779.exe
        11⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
        10⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
        8⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
        7⤵
        Program crash
        
        PID:3860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
        6⤵
        Program crash
        
        PID:1440
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        5⤵
        Program crash
        
        PID:1520
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46026.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56283.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35946.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        9⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
        9⤵
        Program crash
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
        8⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        10⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4799.exe
        11⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46159.exe
        12⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
        12⤵
        
        PID:10872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
        11⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
        10⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40186.exe
        10⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
        12⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
        11⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        10⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
        9⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
        8⤵
        Program crash
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30335.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54176.exe
        8⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53154.exe
        9⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38245.exe
        10⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14373.exe
        11⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17016.exe
        12⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
        12⤵
        
        PID:11192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
        11⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
        10⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20517.exe
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56776.exe
        10⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43082.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:10120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
        11⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
        10⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55847.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        9⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61400.exe
        10⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35386.exe
        11⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:12780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
        11⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        10⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        9⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 220
        8⤵
        Program crash
        
        PID:3336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
        7⤵
        Program crash
        
        PID:376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28114.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13143.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28650.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24047.exe
        10⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
        11⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:9580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 236
        12⤵
        
        PID:10544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        11⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 236
        10⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57466.exe
        9⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9459.exe
        10⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50627.exe
        11⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
        11⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        10⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
        9⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        8⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        10⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38100.exe
        11⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
        11⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
        10⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
        9⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
        8⤵
        Program crash
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50647.exe
        7⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4721.exe
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34798.exe
        9⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6501.exe
        10⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35848.exe
        11⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
        11⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
        10⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
        9⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8073.exe
        8⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
        9⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:9432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
        10⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
        9⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        8⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        7⤵
        Program crash
        
        PID:3124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
        6⤵
        Program crash
        
        PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35130.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35728.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27451.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        8⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
        9⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6039.exe
        10⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        11⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        12⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 220
        12⤵
        
        PID:12236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
        11⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
        10⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 216
        9⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
        10⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:11128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 220
        11⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
        10⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        9⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        8⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8120.exe
        8⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17716.exe
        9⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
        10⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4026.exe
        11⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
        11⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
        10⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        9⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        8⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 220
        7⤵
        Program crash
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        6⤵
        Executes dropped EXE
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34332.exe
        7⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16289.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27607.exe
        10⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 216
        11⤵
        
        PID:11648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
        10⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        9⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 216
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53792.exe
        7⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36382.exe
        8⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11955.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62402.exe
        10⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
        10⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
        9⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        8⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 220
        7⤵
        Program crash
        
        PID:4900
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
        6⤵
        Program crash
        
        PID:2216
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
        5⤵
        Program crash
        
        PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5691.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46828.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
        7⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53154.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20949.exe
        9⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
        10⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 220
        11⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        10⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
        9⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23641.exe
        8⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29605.exe
        9⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        10⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51764.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:12660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        10⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 216
        9⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 220
        8⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 216
        7⤵
        Program crash
        
        PID:3412
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
        6⤵
        Program crash
        
        PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54093.exe
        6⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3605.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26595.exe
        8⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36382.exe
        9⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65240.exe
        10⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64628.exe
        11⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
        10⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
        9⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
        8⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32106.exe
        8⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        9⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-949.exe
        10⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
        10⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
        9⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        8⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        7⤵
        
        PID:4980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10190.exe
        6⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54664.exe
        8⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38323.exe
        9⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
        10⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27644.exe
        11⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
        10⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
        9⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        8⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 216
        7⤵
        
        PID:4376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        6⤵
        Program crash
        
        PID:3540
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 240
        5⤵
        Program crash
        
        PID:1992
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:788
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39315.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39315.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57126.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64308.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2980
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 188
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2880
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
      4⤵
      Program crash
      PID:568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24270.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45925.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
        8⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
        9⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15494.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17052.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51914.exe
        12⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30576.exe
        13⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
        12⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 236
        11⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
        10⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44446.exe
        9⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
        10⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        11⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        12⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
        11⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 236
        10⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        9⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        9⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27851.exe
        10⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24888.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
        11⤵
        
        PID:9300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 236
        10⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
        9⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 220
        8⤵
        Program crash
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
        7⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4529.exe
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25308.exe
        9⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
        10⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12547.exe
        11⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
        11⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 236
        10⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
        9⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
        8⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
        7⤵
        Program crash
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-611.exe
        9⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11488.exe
        10⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28344.exe
        11⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
        11⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        10⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
        9⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46994.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2749.exe
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
        9⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44597.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:10164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
        10⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 236
        9⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        8⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
        7⤵
        Program crash
        
        PID:3908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
        6⤵
        Program crash
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11778.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        7⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
        8⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61400.exe
        9⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        10⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        10⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 216
        9⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33371.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
        8⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
        9⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
        10⤵
        
        PID:9836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
        10⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        9⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        8⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47139.exe
        6⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12204.exe
        7⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 220
        8⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
        7⤵
        
        PID:4764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
        6⤵
        Program crash
        
        PID:3264
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
        5⤵
        Program crash
        
        PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8488.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27368.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
        7⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32385.exe
        8⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
        9⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        10⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 236
        10⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 236
        9⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 236
        8⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 236
        7⤵
        Program crash
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9163.exe
        8⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6802.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
        10⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
        10⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
        9⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
        8⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 216
        7⤵
        
        PID:4336
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 220
        6⤵
        Program crash
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44446.exe
        6⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28541.exe
        7⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61078.exe
        8⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33253.exe
        9⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        10⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 220
        10⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
        9⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
        8⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 216
        7⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        6⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3517.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-772.exe
        8⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
        9⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
        8⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        7⤵
        
        PID:7008
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        6⤵
        Program crash
        
        PID:4928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
        5⤵
        Program crash
        
        PID:2380
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 240
      4⤵
      Program crash
      PID:2008
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2240
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
  2⤵
  - Program crash
  PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18178.exe

Filesize
184KB

MD5
ae2ba28e90e98b3c87cb6d0661bf159e

SHA1
26b9fed9cd160a33aad1ba347ffa1485d585a00a

SHA256
00018b174171bc942bb9e84f5b979d19addf8c8e6210da45bc3354c9f9b4650c

SHA512
6494d34e5b4adb0b0182dfa58067a36d0944c1f2ebd225c7f13606db0019c40a87236de17c1888418cfa181a14b4375ef10f4e9e30641391f004487bdcfc31b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe

Filesize
184KB

MD5
e874dd6f1e66f8a3ccbe7026f7e608a2

SHA1
13526e59727712f0c6b91e219d9bcab2fe00b41b

SHA256
e1f2292f15b2fcc323190315277a757e9fd22af35794bd252804b9985c6d53c7

SHA512
c880146f7eb33752bcd5f54fb921291118b1e744297122c162c08fd32edbd771321da7be17f7c25b4726dbb3efe6bc55bd5c35bb44faf5c34db7d648dae6c58d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe

Filesize
184KB

MD5
d3d59dd5dbddb89f33f60c5fec588d14

SHA1
5c6c4bc9dba2c43721930d344d246e305a4d43d2

SHA256
490140a4197783c3745be7b5e5979b6f61d480b02d788b7c5915c723764e1229

SHA512
cf9a03dd19684f6b5a0641139f6c939b57c5dad05c7ea8cde8860e3933ebf5659db443bdc8a404199204d9a8644bb7f27fff35482c6adad86a74878fdf53628d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57126.exe

Filesize
184KB

MD5
5d674665d28cf8e218fb7520f5aa523a

SHA1
f32f8440dafe5b1f05b5efded51b3f0df93f6e37

SHA256
030cf1f4dabaa8006eee91bf5d95b425ebd84fd540ce8976941f44ad701e8acf

SHA512
d09d1cd07c8d08cea3e0fd400ae6397537433b79b940570a2f74bd3c59b46647fcba1d91100c31a37f6c7e67b4c46e4b46ddf52c247372c9153121141209d805

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64308.exe

Filesize
184KB

MD5
5403df24019f0eab071e424011adaa3d

SHA1
08dd014c16692e4cf012c0b080d784000055f28f

SHA256
a93ed69df814080f24fd5eeadbfd5e180a58f27abaaf11e1944cdf4098060672

SHA512
199038b5a9d31a8413ee0f91e1c60726c5e927067cfe005209a68c6b9c7dc2015b4ecce9942382eb0fec75bcac36bbe8e820acb18b88a82972e23e8fe75cb1ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6802.exe

Filesize
184KB

MD5
cac39f47fa1c620ebd88b3a2e5b695d6

SHA1
9a9099ce0d1beba2bc57743f6a597425c307477b

SHA256
0a8d835110c6d6e0a518bcd0a14dd97547e61bdc56094f4adcbea7a74d04e2b2

SHA512
24c24bb67da414cbbc7253cbaf0cbee396b2ff38f8db54c43c2d8dab76b631e82faac23dc00ff196e8c5201c205648ee6c143bff20904fea97c218e67aa62dae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe

Filesize
184KB

MD5
b9020820521ec404301b928e65c27d91

SHA1
55b4716e19173461061f72bd4daee6440bbaa910

SHA256
cf669e982d0e80a4d9edc69c5e50409d0286a89423f2a142ba350b0db9a3c441

SHA512
23bc815566959b59a88bef9a7ec661c64fb85fb79d1c3a2957f72b2df9aa06ee7e98dd644fb5597b8c505f00f69af4d40ce0189126722e24fe0b96aa05b5887b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24371.exe

Filesize
184KB

MD5
54e70d70fa5ff03288886ab84e8fbe56

SHA1
b332825e97eca540ac11f5cb187cc380844274da

SHA256
823d586ae71e559da4a7270731812029751cdb526149d817afab43d6d5df2d6e

SHA512
da8f5d234a8efd3109ba3e6aa28d2e16d22c9ddc2f7595278fc6e1934736d62ba3dcb46111b8ad3493d90377f0913bb366a89baf07630185760a3ceb9cdf33b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe

Filesize
184KB

MD5
99d2fe6e786693edf3848942cb3f76b5

SHA1
e5351d5a645508650c2a94ee659ed8c54d8a0f57

SHA256
debeaafd7fbe0d6ae9b8705f9debd8a18ab03c86f6fdb03bf084986e41a42ffe

SHA512
204b7aea798d5065799b6de06d7c398eb2e754c876e99af3dbd6c878c5e718233d4e679abf948e7a7ac714a40066882f7e49ab78929259ed5cc947012aba006b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26160.exe

Filesize
184KB

MD5
db7e91657a9e02b7c757b227baf1175d

SHA1
6929e5ee86bacbe06520477f89d4d94f379b6eae

SHA256
1ffe2eef3341eab9470d7579af592191fc6048266e0807298d47bae858abfb2a

SHA512
52bdd9a09618f5dc30afb9ee398af882516c1270d7cb346ae7800d6efa26890b59c8e54b53b7fce51ce41042180c263dc239919d2bf63e6396ce66ae3e5dd143

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39315.exe

Filesize
184KB

MD5
61f0f5287160b859e9bd7d75defa0e0f

SHA1
485c2056bd6b143a4b5a002a88d513615c93e09a

SHA256
ddb3731a7d055fd7e6a20aaf213714f275a3bef6946df436e7458292c322d99d

SHA512
2b037c150fbcfd3a07cb3167ff5a6751797123fcda0bd11e66f4f6f35c9b89c1d769f0384fd85d7d583908d22ecc06f89397f81a5cc99566f5e05d01f12ee84b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe

Filesize
184KB

MD5
bf34635e0962a2177f529e9e8f969635

SHA1
e8edaf5f2d0b66a3a2921b68e4ee38653a0ac3ff

SHA256
de7ff1ff690e406f7b44e0e5bf4bb092aa8427df3de7b682ddd5c04a01ae2a85

SHA512
ed1450a0bebe2ea5a38df979b0afb4d82dcf816b26ff1906359ed8252351cad54741b6602a4dd080029e4db9616e1ac4b53bac8b9c88b5d88ead522a04491fbc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe

Filesize
184KB

MD5
11864f19974874f1f3bace96e27b9ba0

SHA1
10f8f66b2a5e7449060168871caf699187439e46

SHA256
eee580eff9bc06b518c9adbc8d5b9ea31fcb1a2d09e494c19410ed94cd593fa5

SHA512
ed182d7390d59405709d137a88aa9b54b72b4fd712f6d2d64b6bb4c3ee58344a974731473729da9cd9f14c5f87b1cdc773d33264e19422814d228471e16be043

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46026.exe

Filesize
184KB

MD5
86399fb6e3e7f273e41152a5e7c6e3cc

SHA1
8a6125962f1681052b9f33853ff60b8f9360e8b9

SHA256
19e7e66eb29da7ab0a8f6c9ff6d36b5706d27f1824a2cd667c9027f75beea768

SHA512
afc8b6e64ac416923da265b0a9d80c9f80dbfc5ad70fccf6db7b8e27f6a926e5cca3e2fc8feb58942dac9a511c2219d82cedb14863b760def1ab9d4340ee430d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60367.exe

Filesize
184KB

MD5
595b26c034ee0134da3a56684057ee12

SHA1
400881e860df6d31191473451b516c2f17d25f34

SHA256
dc72040db750cd60b94caf7210bc2226b370c0bf784853240a9b8ac40c2250ec

SHA512
e51fdd95e0817742dd22da6cb85f59e3244d4e45560fa388ced57ccd3762fff661f95f442213fbe28ea456b9833df3531df717f0504dda63ae85e62be3e65c8e

Download Submit