e758dac1aa20266d76413f90784773367a390a3047948d80ed7e854e3a1a2ad7

Analysis

max time kernel
119s
max time network
19s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Trojan.Win32.Fareit.VB.exe
Size

468KB
MD5

a30a67f72df4ee28e87b344c1b7c7840
SHA1

2832947e0261f39a4ff6064fbe6b902ecb22400d
SHA256

e758dac1aa20266d76413f90784773367a390a3047948d80ed7e854e3a1a2ad7
SHA512

6c3d3727fb7a050a6654215874a6adfb2ddce2eaebb767ce78003c34e2b3ccaca110d0ad1b8803475ebb455a60bc200edf53d560bdf864770216077a295da908
SSDEEP

3072:1GWHogISIE5TtbY2HzcOcf8/zCcae0pkJVHeTVP1Q6NLo7ggEClL:1GWobMTtxH4OcfYY1LQ6p2ggE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
324	Unicorn-31536.exe
1204	Unicorn-62558.exe
2268	Unicorn-26356.exe
2732	Unicorn-52885.exe
2848	Unicorn-24851.exe
2900	Unicorn-28381.exe
2888	Unicorn-14082.exe
2592	Unicorn-22058.exe
1976	Unicorn-63090.exe
2404	Unicorn-14666.exe
1252	Unicorn-26504.exe
2240	Unicorn-20797.exe
2548	Unicorn-60412.exe
560	Unicorn-14475.exe
1788	Unicorn-23423.exe
916	Unicorn-63038.exe
1048	Unicorn-1414.exe
1720	Unicorn-42063.exe
2204	Unicorn-25404.exe
2860	Unicorn-43141.exe
1880	Unicorn-24767.exe
940	Unicorn-262.exe
556	Unicorn-65534.exe
888	Unicorn-27590.exe
2472	Unicorn-19422.exe
1348	Unicorn-65093.exe
1984	Unicorn-11067.exe
608	Unicorn-13867.exe
2980	Unicorn-3464.exe
2080	Unicorn-8295.exe
1772	Unicorn-55488.exe
2568	Unicorn-16685.exe
1632	Unicorn-31368.exe
2328	Unicorn-43214.exe
1336	Unicorn-63080.exe
2160	Unicorn-59743.exe
2220	Unicorn-22048.exe
2208	Unicorn-40998.exe
2748	Unicorn-6287.exe
2716	Unicorn-5134.exe
2052	Unicorn-30600.exe
848	Unicorn-57216.exe
2264	Unicorn-39354.exe
2152	Unicorn-30688.exe
2216	Unicorn-19753.exe
2368	Unicorn-56147.exe
2364	Unicorn-36281.exe
492	Unicorn-40195.exe
1980	Unicorn-15425.exe
1704	Unicorn-3801.exe
2296	Unicorn-47211.exe
1740	Unicorn-49441.exe
2060	Unicorn-60018.exe
2996	Unicorn-41970.exe
2424	Unicorn-54585.exe
3012	Unicorn-49946.exe
1664	Unicorn-50522.exe
2788	Unicorn-44392.exe
2500	Unicorn-30464.exe
1548	Unicorn-42162.exe
3024	Unicorn-64180.exe
584	Unicorn-64445.exe
876	Unicorn-28819.exe
2128	Unicorn-48685.exe

Loads dropped DLL 64 IoCs

pid	Process
1508	Trojan.Win32.Fareit.VB.exe
1508	Trojan.Win32.Fareit.VB.exe
324	Unicorn-31536.exe
324	Unicorn-31536.exe
1508	Trojan.Win32.Fareit.VB.exe
1508	Trojan.Win32.Fareit.VB.exe
1204	Unicorn-62558.exe
1204	Unicorn-62558.exe
324	Unicorn-31536.exe
324	Unicorn-31536.exe
2268	Unicorn-26356.exe
2268	Unicorn-26356.exe
1508	Trojan.Win32.Fareit.VB.exe
1508	Trojan.Win32.Fareit.VB.exe
2732	Unicorn-52885.exe
2732	Unicorn-52885.exe
2848	Unicorn-24851.exe
2848	Unicorn-24851.exe
1204	Unicorn-62558.exe
324	Unicorn-31536.exe
2888	Unicorn-14082.exe
324	Unicorn-31536.exe
1204	Unicorn-62558.exe
2888	Unicorn-14082.exe
2268	Unicorn-26356.exe
1508	Trojan.Win32.Fareit.VB.exe
2268	Unicorn-26356.exe
1480	WerFault.exe
1480	WerFault.exe
1480	WerFault.exe
1480	WerFault.exe
1508	Trojan.Win32.Fareit.VB.exe
1480	WerFault.exe
2592	Unicorn-22058.exe
2592	Unicorn-22058.exe
2732	Unicorn-52885.exe
2732	Unicorn-52885.exe
2240	Unicorn-20797.exe
2240	Unicorn-20797.exe
2548	Unicorn-60412.exe
2548	Unicorn-60412.exe
2888	Unicorn-14082.exe
2888	Unicorn-14082.exe
2268	Unicorn-26356.exe
2268	Unicorn-26356.exe
2404	Unicorn-14666.exe
2404	Unicorn-14666.exe
324	Unicorn-31536.exe
1976	Unicorn-63090.exe
324	Unicorn-31536.exe
1976	Unicorn-63090.exe
1252	Unicorn-26504.exe
1252	Unicorn-26504.exe
560	Unicorn-14475.exe
560	Unicorn-14475.exe
2848	Unicorn-24851.exe
2848	Unicorn-24851.exe
1508	Trojan.Win32.Fareit.VB.exe
1204	Unicorn-62558.exe
1508	Trojan.Win32.Fareit.VB.exe
1204	Unicorn-62558.exe
1788	Unicorn-23423.exe
1788	Unicorn-23423.exe
2592	Unicorn-22058.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1480	2900	WerFault.exe	34
2224	608	WerFault.exe	57
2620	556	WerFault.exe	51
2632	1348	WerFault.exe	55
1128	2364	WerFault.exe	77
2044	1976	WerFault.exe	37
2776	2296	WerFault.exe	82
924	2860	WerFault.exe	49
1484	2220	WerFault.exe	66
2696	2060	WerFault.exe	85
1944	2684	WerFault.exe	101
2148	3024	WerFault.exe	93
2188	1548	WerFault.exe	92
2928	1704	WerFault.exe	81
2576	2348	WerFault.exe	124
1956	840	WerFault.exe	109
3484	2744	WerFault.exe	103
3492	2640	WerFault.exe	105
3696	2984	WerFault.exe	131
3688	2780	WerFault.exe	113
3680	2784	WerFault.exe	115
3904	2052	WerFault.exe	70
3940	2424	WerFault.exe	87
3948	2264	WerFault.exe	74
3972	888	WerFault.exe	53
3996	1936	WerFault.exe	117
3988	2832	WerFault.exe	130
4004	1644	WerFault.exe	135
4016	2624	WerFault.exe	132
4040	1740	WerFault.exe	84
3244	1788	WerFault.exe	44
3444	1632	WerFault.exe	62
3560	2472	WerFault.exe	54
3572	1744	WerFault.exe	100
3600	2028	WerFault.exe	102
3612	2520	WerFault.exe	98
3640	916	WerFault.exe	45
3628	584	WerFault.exe	94
3648	2128	WerFault.exe	96
3720	1000	WerFault.exe	134
3740	1336	WerFault.exe	64
3756	2548	WerFault.exe	42
3304	2500	WerFault.exe	91
3900	2080	WerFault.exe	59
3920	2124	WerFault.exe	107
3836	2068	WerFault.exe	97
3828	2328	WerFault.exe	63
3916	2160	WerFault.exe	65
3816	876	WerFault.exe	95
3780	2208	WerFault.exe	67
3776	2740	WerFault.exe	129
4028	2788	WerFault.exe	89
3128	628	WerFault.exe	143
3076	852	WerFault.exe	140
4572	2204	WerFault.exe	48
4580	1720	WerFault.exe	47
4644	560	WerFault.exe	43
4628	2996	WerFault.exe	86
4612	1980	WerFault.exe	80
4604	2848	WerFault.exe	33
4596	492	WerFault.exe	79
4736	1532	WerFault.exe	125
4728	2020	WerFault.exe	99
4720	2056	WerFault.exe	114

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59925.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10930.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64990.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52270.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1508	Trojan.Win32.Fareit.VB.exe
324	Unicorn-31536.exe
1204	Unicorn-62558.exe
2268	Unicorn-26356.exe
2848	Unicorn-24851.exe
2732	Unicorn-52885.exe
2900	Unicorn-28381.exe
2888	Unicorn-14082.exe
2592	Unicorn-22058.exe
1976	Unicorn-63090.exe
1252	Unicorn-26504.exe
2240	Unicorn-20797.exe
2548	Unicorn-60412.exe
560	Unicorn-14475.exe
2404	Unicorn-14666.exe
1788	Unicorn-23423.exe
916	Unicorn-63038.exe
1048	Unicorn-1414.exe
1720	Unicorn-42063.exe
2860	Unicorn-43141.exe
2204	Unicorn-25404.exe
556	Unicorn-65534.exe
1880	Unicorn-24767.exe
940	Unicorn-262.exe
888	Unicorn-27590.exe
2472	Unicorn-19422.exe
1984	Unicorn-11067.exe
608	Unicorn-13867.exe
1348	Unicorn-65093.exe
2980	Unicorn-3464.exe
2080	Unicorn-8295.exe
1772	Unicorn-55488.exe
2568	Unicorn-16685.exe
1632	Unicorn-31368.exe
2160	Unicorn-59743.exe
2328	Unicorn-43214.exe
1336	Unicorn-63080.exe
2220	Unicorn-22048.exe
2208	Unicorn-40998.exe
2748	Unicorn-6287.exe
2052	Unicorn-30600.exe
2716	Unicorn-5134.exe
848	Unicorn-57216.exe
2264	Unicorn-39354.exe
2216	Unicorn-19753.exe
2368	Unicorn-56147.exe
2152	Unicorn-30688.exe
2364	Unicorn-36281.exe
492	Unicorn-40195.exe
1980	Unicorn-15425.exe
1704	Unicorn-3801.exe
2296	Unicorn-47211.exe
1740	Unicorn-49441.exe
2060	Unicorn-60018.exe
2424	Unicorn-54585.exe
2996	Unicorn-41970.exe
3012	Unicorn-49946.exe
1664	Unicorn-50522.exe
1548	Unicorn-42162.exe
2788	Unicorn-44392.exe
2500	Unicorn-30464.exe
584	Unicorn-64445.exe
3024	Unicorn-64180.exe
2128	Unicorn-48685.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 324	1508	Trojan.Win32.Fareit.VB.exe	29
PID 1508 wrote to memory of 324	1508	Trojan.Win32.Fareit.VB.exe	29
PID 1508 wrote to memory of 324	1508	Trojan.Win32.Fareit.VB.exe	29
PID 1508 wrote to memory of 324	1508	Trojan.Win32.Fareit.VB.exe	29
PID 324 wrote to memory of 1204	324	Unicorn-31536.exe	30
PID 324 wrote to memory of 1204	324	Unicorn-31536.exe	30
PID 324 wrote to memory of 1204	324	Unicorn-31536.exe	30
PID 324 wrote to memory of 1204	324	Unicorn-31536.exe	30
PID 1508 wrote to memory of 2268	1508	Trojan.Win32.Fareit.VB.exe	31
PID 1508 wrote to memory of 2268	1508	Trojan.Win32.Fareit.VB.exe	31
PID 1508 wrote to memory of 2268	1508	Trojan.Win32.Fareit.VB.exe	31
PID 1508 wrote to memory of 2268	1508	Trojan.Win32.Fareit.VB.exe	31
PID 1204 wrote to memory of 2732	1204	Unicorn-62558.exe	32
PID 1204 wrote to memory of 2732	1204	Unicorn-62558.exe	32
PID 1204 wrote to memory of 2732	1204	Unicorn-62558.exe	32
PID 1204 wrote to memory of 2732	1204	Unicorn-62558.exe	32
PID 324 wrote to memory of 2848	324	Unicorn-31536.exe	33
PID 324 wrote to memory of 2848	324	Unicorn-31536.exe	33
PID 324 wrote to memory of 2848	324	Unicorn-31536.exe	33
PID 324 wrote to memory of 2848	324	Unicorn-31536.exe	33
PID 2268 wrote to memory of 2900	2268	Unicorn-26356.exe	34
PID 2268 wrote to memory of 2900	2268	Unicorn-26356.exe	34
PID 2268 wrote to memory of 2900	2268	Unicorn-26356.exe	34
PID 2268 wrote to memory of 2900	2268	Unicorn-26356.exe	34
PID 1508 wrote to memory of 2888	1508	Trojan.Win32.Fareit.VB.exe	35
PID 1508 wrote to memory of 2888	1508	Trojan.Win32.Fareit.VB.exe	35
PID 1508 wrote to memory of 2888	1508	Trojan.Win32.Fareit.VB.exe	35
PID 1508 wrote to memory of 2888	1508	Trojan.Win32.Fareit.VB.exe	35
PID 2732 wrote to memory of 2592	2732	Unicorn-52885.exe	36
PID 2732 wrote to memory of 2592	2732	Unicorn-52885.exe	36
PID 2732 wrote to memory of 2592	2732	Unicorn-52885.exe	36
PID 2732 wrote to memory of 2592	2732	Unicorn-52885.exe	36
PID 2848 wrote to memory of 1976	2848	Unicorn-24851.exe	37
PID 2848 wrote to memory of 1976	2848	Unicorn-24851.exe	37
PID 2848 wrote to memory of 1976	2848	Unicorn-24851.exe	37
PID 2848 wrote to memory of 1976	2848	Unicorn-24851.exe	37
PID 2900 wrote to memory of 1480	2900	Unicorn-28381.exe	38
PID 2900 wrote to memory of 1480	2900	Unicorn-28381.exe	38
PID 2900 wrote to memory of 1480	2900	Unicorn-28381.exe	38
PID 2900 wrote to memory of 1480	2900	Unicorn-28381.exe	38
PID 324 wrote to memory of 2404	324	Unicorn-31536.exe	40
PID 324 wrote to memory of 2404	324	Unicorn-31536.exe	40
PID 324 wrote to memory of 2404	324	Unicorn-31536.exe	40
PID 324 wrote to memory of 2404	324	Unicorn-31536.exe	40
PID 1204 wrote to memory of 1252	1204	Unicorn-62558.exe	39
PID 1204 wrote to memory of 1252	1204	Unicorn-62558.exe	39
PID 1204 wrote to memory of 1252	1204	Unicorn-62558.exe	39
PID 1204 wrote to memory of 1252	1204	Unicorn-62558.exe	39
PID 2888 wrote to memory of 2240	2888	Unicorn-14082.exe	41
PID 2888 wrote to memory of 2240	2888	Unicorn-14082.exe	41
PID 2888 wrote to memory of 2240	2888	Unicorn-14082.exe	41
PID 2888 wrote to memory of 2240	2888	Unicorn-14082.exe	41
PID 2268 wrote to memory of 2548	2268	Unicorn-26356.exe	42
PID 2268 wrote to memory of 2548	2268	Unicorn-26356.exe	42
PID 2268 wrote to memory of 2548	2268	Unicorn-26356.exe	42
PID 2268 wrote to memory of 2548	2268	Unicorn-26356.exe	42
PID 1508 wrote to memory of 560	1508	Trojan.Win32.Fareit.VB.exe	43
PID 1508 wrote to memory of 560	1508	Trojan.Win32.Fareit.VB.exe	43
PID 1508 wrote to memory of 560	1508	Trojan.Win32.Fareit.VB.exe	43
PID 1508 wrote to memory of 560	1508	Trojan.Win32.Fareit.VB.exe	43
PID 2592 wrote to memory of 1788	2592	Unicorn-22058.exe	44
PID 2592 wrote to memory of 1788	2592	Unicorn-22058.exe	44
PID 2592 wrote to memory of 1788	2592	Unicorn-22058.exe	44
PID 2592 wrote to memory of 1788	2592	Unicorn-22058.exe	44

C:\Users\Admin\AppData\Local\Temp\Trojan.Win32.Fareit.VB.exe
"C:\Users\Admin\AppData\Local\Temp\Trojan.Win32.Fareit.VB.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31536.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31536.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62558.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23423.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3464.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        9⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30886.exe
        10⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3728.exe
        11⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
        11⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13123.exe
        11⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        11⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46457.exe
        10⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        10⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
        10⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15948.exe
        10⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56775.exe
        10⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41144.exe
        10⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 228
        10⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 244
        9⤵
        Program crash
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        9⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 224
        10⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 248
        9⤵
        Program crash
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36266.exe
        8⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        9⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
        9⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59051.exe
        9⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 224
        9⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17079.exe
        8⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42637.exe
        9⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36684.exe
        9⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        9⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13282.exe
        8⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9791.exe
        8⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
        8⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 248
        8⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54585.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39718.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41763.exe
        9⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8308.exe
        10⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22548.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exe
        10⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54967.exe
        9⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
        9⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10323.exe
        9⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 248
        9⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 248
        8⤵
        Program crash
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
        7⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54248.exe
        8⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57962.exe
        9⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
        9⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
        9⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24614.exe
        9⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
        9⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8667.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24360.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39450.exe
        9⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
        9⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27078.exe
        8⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 248
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17273.exe
        7⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40941.exe
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32404.exe
        8⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 220
        8⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        7⤵
        Program crash
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8295.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49946.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38810.exe
        8⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26909.exe
        9⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22591.exe
        9⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        9⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40997.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
        9⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38511.exe
        8⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5626.exe
        9⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64944.exe
        9⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42616.exe
        8⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        8⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17671.exe
        8⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61702.exe
        8⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54915.exe
        8⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29032.exe
        7⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50261.exe
        8⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32212.exe
        8⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 220
        8⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 244
        7⤵
        Program crash
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44392.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16226.exe
        7⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
        8⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5679.exe
        8⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
        8⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34856.exe
        8⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 248
        7⤵
        Program crash
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        6⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
        7⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
        7⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 248
        7⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49447.exe
        6⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11116.exe
        7⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        7⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
        6⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40806.exe
        6⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        6⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51901.exe
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32249.exe
        6⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50522.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49806.exe
        8⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 244
        9⤵
        Program crash
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47396.exe
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
        9⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55413.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        9⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13316.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32410.exe
        8⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24972.exe
        8⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
        8⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 220
        8⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5519.exe
        7⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58377.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        9⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52775.exe
        9⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
        8⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43076.exe
        8⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26337.exe
        8⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12700.exe
        8⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
        8⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44411.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11195.exe
        8⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
        8⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49179.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49824.exe
        8⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37674.exe
        8⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1501.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8738.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
        7⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        7⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        7⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 224
        8⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 248
        7⤵
        Program crash
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24786.exe
        6⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
        7⤵
        
        PID:4892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 248
        6⤵
        Program crash
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42162.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 224
        7⤵
        Program crash
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22530.exe
        6⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
        7⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45485.exe
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21047.exe
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40909.exe
        7⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        7⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11214.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8367.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60123.exe
        7⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2076.exe
        7⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38640.exe
        7⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10930.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45862.exe
        6⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23299.exe
        6⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10853.exe
        6⤵
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17639.exe
        6⤵
        
        PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        6⤵
        Program crash
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        5⤵
        
        PID:1552
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 224
        6⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
        5⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10519.exe
        6⤵
        
        PID:7424
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 228
        6⤵
        
        PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40346.exe
        5⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
        5⤵
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
        5⤵
        
        PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
        5⤵
        
        PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4513.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27590.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47211.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        7⤵
        Program crash
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
        6⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        7⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46100.exe
        8⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
        8⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        8⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        8⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
        7⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
        7⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
        7⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32331.exe
        7⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58778.exe
        7⤵
        
        PID:9200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 244
        6⤵
        Program crash
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 244
        6⤵
        Program crash
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19254.exe
        5⤵
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
        6⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25543.exe
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28334.exe
        7⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
        7⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        6⤵
        
        PID:5468
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 244
        6⤵
        
        PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
        5⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
        6⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53223.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 224
        6⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39764.exe
        5⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57692.exe
        5⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43183.exe
        5⤵
        
        PID:7968
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 248
        5⤵
        
        PID:8112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 224
        5⤵
        Program crash
        
        PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
        5⤵
        
        PID:2784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 244
        6⤵
        Program crash
        
        PID:3680
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 228
        5⤵
        Program crash
        
        PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
      4⤵
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        5⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7319.exe
        6⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14338.exe
        6⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21182.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46340.exe
        6⤵
        
        PID:9156
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 248
        5⤵
        
        PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
      4⤵
      PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63046.exe
        5⤵
        
        PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8092
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 228
        5⤵
        
        PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49562.exe
      4⤵
      PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        5⤵
        
        PID:9196
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 248
      4⤵
      PID:5808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24851.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-262.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57216.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39012.exe
        7⤵
        
        PID:840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
        8⤵
        Program crash
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
        8⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45153.exe
        8⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43522.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60192.exe
        7⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35584.exe
        7⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64950.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8303.exe
        7⤵
        
        PID:8268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34906.exe
        6⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 244
        7⤵
        Program crash
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        6⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49066.exe
        7⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37301.exe
        7⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
        7⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54739.exe
        6⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        6⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-632.exe
        6⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exe
        6⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54312.exe
        6⤵
        
        PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 224
        6⤵
        Program crash
        
        PID:1128
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 244
        5⤵
        Program crash
        
        PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65093.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1348
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 244
        5⤵
        Program crash
        
        PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49441.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
        5⤵
        
        PID:628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 224
        6⤵
        Program crash
        
        PID:3128
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
        5⤵
        Program crash
        
        PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62857.exe
      4⤵
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21950.exe
        5⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
        6⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exe
        6⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15832.exe
        6⤵
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
        6⤵
        
        PID:8732
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 248
        5⤵
        
        PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14939.exe
      4⤵
      PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13437.exe
        5⤵
        
        PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        5⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
        5⤵
        
        PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51882.exe
        5⤵
        
        PID:8920
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 248
      4⤵
      Program crash
      PID:4604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24767.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
        6⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41751.exe
        8⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7846.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
        8⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        8⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 248
        7⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64990.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        7⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 216
        7⤵
        
        PID:6488
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 492 -s 244
        6⤵
        Program crash
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51819.exe
        5⤵
        
        PID:2640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 224
        6⤵
        Program crash
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
        5⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
        6⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58521.exe
        6⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13964.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63050.exe
        6⤵
        
        PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18596.exe
        5⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
        5⤵
        
        PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16478.exe
        5⤵
        
        PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52309.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3801.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14206.exe
        5⤵
        
        PID:2348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 220
        6⤵
        Program crash
        
        PID:2576
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
        5⤵
        Program crash
        
        PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24412.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1936
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 224
        5⤵
        Program crash
        
        PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
      4⤵
      PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36072.exe
        5⤵
        
        PID:6320
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 224
        5⤵
        
        PID:7184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
      4⤵
      PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59752.exe
      4⤵
      PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
      4⤵
      PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44387.exe
      4⤵
      PID:7664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
      4⤵
      PID:9048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65534.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:556
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 244
      4⤵
      Program crash
      PID:2620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
      4⤵
      PID:852
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 224
        5⤵
        Program crash
        
        PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30675.exe
      4⤵
      PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
        5⤵
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
        5⤵
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
        5⤵
        
        PID:9080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42564.exe
      4⤵
      PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37499.exe
      4⤵
      PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18889.exe
      4⤵
      PID:8016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
      4⤵
      PID:8816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45502.exe
    3⤵
    PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30832.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51241.exe
        5⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        5⤵
        
        PID:9036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65108.exe
      4⤵
      PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
      4⤵
      PID:6204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19211.exe
      4⤵
      PID:7264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
      4⤵
      PID:9168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
    3⤵
    PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58983.exe
      4⤵
      PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12190.exe
      4⤵
      PID:8004
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 224
      4⤵
      PID:9104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3278.exe
    3⤵
    PID:5544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47891.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47891.exe
    3⤵
    PID:5944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
    3⤵
    PID:7940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
    3⤵
    PID:8012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
    3⤵
    PID:8756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26356.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26356.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2900
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:1480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42063.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        6⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14580.exe
        7⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 248
        8⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 248
        7⤵
        Program crash
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        6⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 224
        7⤵
        
        PID:4484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 244
        6⤵
        Program crash
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        6⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
        7⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54421.exe
        7⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6719.exe
        7⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        7⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54385.exe
        7⤵
        
        PID:4224
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 228
        6⤵
        Program crash
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13188.exe
        5⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43142.exe
        6⤵
        
        PID:5636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 228
        6⤵
        
        PID:6580
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 248
        5⤵
        Program crash
        
        PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48685.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30725.exe
        6⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12150.exe
        7⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
        7⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 224
        7⤵
        
        PID:9028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 248
        6⤵
        Program crash
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        5⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
        6⤵
        
        PID:4952
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 228
        6⤵
        
        PID:5896
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 244
        5⤵
        Program crash
        
        PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
      4⤵
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50775.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4468
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 228
        6⤵
        
        PID:5904
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 248
        5⤵
        Program crash
        
        PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14315.exe
      4⤵
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
        5⤵
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        5⤵
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        5⤵
        
        PID:7836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 228
        5⤵
        
        PID:2964
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 244
      4⤵
      Program crash
      PID:3756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
        5⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        6⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        7⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45802.exe
        7⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63050.exe
        7⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        6⤵
        
        PID:4780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 244
        6⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        5⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
        6⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 220
        6⤵
        
        PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        5⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
        5⤵
        
        PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37120.exe
        5⤵
        
        PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31701.exe
        5⤵
        
        PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50680.exe
        5⤵
        
        PID:8764
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 248
      4⤵
      Program crash
      PID:924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31036.exe
      4⤵
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23870.exe
        5⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58378.exe
        6⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38349.exe
        6⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57830.exe
        6⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10180.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8800
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 248
        5⤵
        
        PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
      4⤵
      PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42234.exe
        5⤵
        
        PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24125.exe
        5⤵
        
        PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17565.exe
        5⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2012.exe
        5⤵
        
        PID:8804
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 244
      4⤵
      Program crash
      PID:4612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45842.exe
    3⤵
    PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
      4⤵
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2904
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 228
        5⤵
        
        PID:6948
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 248
      4⤵
      Program crash
      PID:4720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
    3⤵
    PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58471.exe
      4⤵
      PID:5540
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 228
      4⤵
      PID:6392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57922.exe
    3⤵
    PID:4660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
      4⤵
      PID:3892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63133.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63133.exe
    3⤵
    PID:5752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
    3⤵
    PID:7820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
    3⤵
    PID:8380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14082.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14082.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1414.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31368.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33221.exe
        7⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 224
        8⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 248
        7⤵
        Program crash
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30075.exe
        6⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
        7⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48468.exe
        7⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44090.exe
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        7⤵
        
        PID:8408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 244
        6⤵
        Program crash
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28819.exe
        5⤵
        Executes dropped EXE
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49941.exe
        6⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 224
        7⤵
        
        PID:4480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 228
        6⤵
        Program crash
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18538.exe
        5⤵
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24081.exe
        6⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44299.exe
        6⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61566.exe
        6⤵
        
        PID:7480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 228
        6⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58112.exe
        5⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
        6⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
        6⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
        5⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
        5⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
        5⤵
        
        PID:7828
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 248
        5⤵
        
        PID:8824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43214.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31036.exe
        5⤵
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 224
        7⤵
        
        PID:5268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 248
        6⤵
        Program crash
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
        5⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
        6⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12809.exe
        6⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27772.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6326.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58884.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 224
        5⤵
        Program crash
        
        PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
      4⤵
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
        5⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29774.exe
        6⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
        6⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        6⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58815.exe
        6⤵
        
        PID:8548
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 228
        5⤵
        
        PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63485.exe
      4⤵
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
        5⤵
        
        PID:5396
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 248
        5⤵
        
        PID:6376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36115.exe
      4⤵
      PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
      4⤵
      PID:7868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22470.exe
      4⤵
      PID:8224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 244
        5⤵
        Program crash
        
        PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10677.exe
      4⤵
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
        5⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        6⤵
        
        PID:5208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        6⤵
        
        PID:6536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 248
        5⤵
        
        PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
      4⤵
      PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6232.exe
        5⤵
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35132.exe
        5⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18441.exe
        5⤵
        
        PID:9116
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 248
      4⤵
      Program crash
      PID:4572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17165.exe
      4⤵
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        5⤵
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21564.exe
        6⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        6⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42635.exe
        6⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18988.exe
        6⤵
        
        PID:7352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 240
        6⤵
        
        PID:8452
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 248
        5⤵
        Program crash
        
        PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
      4⤵
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29732.exe
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        5⤵
        
        PID:5572
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 224
        5⤵
        
        PID:6960
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 244
      4⤵
      Program crash
      PID:3780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
    3⤵
    PID:2744
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 224
      4⤵
      Program crash
      PID:3484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
    3⤵
    PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:872
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 228
      4⤵
      PID:7012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40856.exe
    3⤵
    PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48520.exe
      4⤵
      PID:4236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19126.exe
    3⤵
    PID:5748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14584.exe
    3⤵
    PID:6700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55149.exe
    3⤵
    PID:7496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
    3⤵
    PID:8412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19422.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30600.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47694.exe
        5⤵
        
        PID:2984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 224
        6⤵
        Program crash
        
        PID:3696
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        5⤵
        Program crash
        
        PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe
      4⤵
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24861.exe
        5⤵
        
        PID:1228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 224
        6⤵
        
        PID:5512
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 228
        5⤵
        Program crash
        
        PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58803.exe
      4⤵
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57905.exe
        5⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57236.exe
        5⤵
        
        PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55287.exe
        5⤵
        
        PID:7192
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 228
        5⤵
        
        PID:8596
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 228
      4⤵
      Program crash
      PID:3560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
        5⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60851.exe
        6⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5013.exe
        6⤵
        
        PID:7720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51606.exe
        6⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33986.exe
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22102.exe
        5⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-451.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58948.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22104.exe
        5⤵
        
        PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
      4⤵
      PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
        5⤵
        
        PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        5⤵
        
        PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48399.exe
        5⤵
        
        PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
      4⤵
      PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17167.exe
      4⤵
      PID:6736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15796.exe
      4⤵
      PID:7928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
      4⤵
      PID:7796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30764.exe
    3⤵
    PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
        5⤵
        
        PID:5968
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 228
        5⤵
        
        PID:6936
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 228
      4⤵
      Program crash
      PID:4736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
    3⤵
    PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52270.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5452
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 216
      4⤵
      PID:6480
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 244
    3⤵
    - Program crash
    PID:4644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26293.exe
      4⤵
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17269.exe
        5⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2342.exe
        6⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
        6⤵
        
        PID:2300
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 220
        6⤵
        
        PID:7204
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 248
        5⤵
        Program crash
        
        PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
      4⤵
      PID:2580
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 244
        5⤵
        
        PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
      4⤵
      PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        5⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24030.exe
        5⤵
        
        PID:8528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
      4⤵
      PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
      4⤵
      PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1136.exe
      4⤵
      PID:7872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13230.exe
      4⤵
      PID:8876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33384.exe
      4⤵
      PID:8892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
    3⤵
    PID:2684
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 244
      4⤵
      Program crash
      PID:1944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
    3⤵
    PID:404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50541.exe
      4⤵
      PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
        5⤵
        
        PID:5588
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 228
        5⤵
        
        PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
      4⤵
      PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
      4⤵
      PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51318.exe
      4⤵
      PID:7984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1459.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52024.exe
      4⤵
      PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43466.exe
      4⤵
      PID:7304
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 220
      4⤵
      PID:9120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10516.exe
    3⤵
    PID:5292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
    3⤵
    PID:1580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
    3⤵
    PID:7892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14424.exe
    3⤵
    PID:7900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40716.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40716.exe
    3⤵
    PID:8440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
    3⤵
    PID:2832
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 224
      4⤵
      Program crash
      PID:3988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21897.exe
    3⤵
    PID:3176
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 224
      4⤵
      PID:2212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7265.exe
    3⤵
    PID:4492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60832.exe
    3⤵
    PID:5796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39835.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51157.exe
    3⤵
    PID:7932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39170.exe
    3⤵
    PID:8628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41406.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41406.exe
  2⤵
  PID:2624
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 244
    3⤵
    - Program crash
    PID:4016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12408.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12408.exe
  2⤵
  PID:3224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
    3⤵
    PID:6336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
    3⤵
    PID:7420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
    3⤵
    PID:9092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
  2⤵
  PID:4552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64951.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64951.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55500.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55500.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7788.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7788.exe
  2⤵
  PID:7384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
  2⤵
  PID:8472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14082.exe

Filesize
468KB

MD5
9f34a7d939f0fe74f4e3bb8e95b27df7

SHA1
4250ed8996e9d350e99dae985ea9497477e56846

SHA256
7b5ee991ce88981048549c59210fb447074fa94f48f2b2e4a4ec708154c2509d

SHA512
697ef5fd67a8cafded76b77c96721f4e58f9e5586c7aaf7eb4bc397bfbc6eec4ba30c92f72898d8154a2ec14fa3ac5b987b3d6873db202225cdc8655ecdd10fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe

Filesize
468KB

MD5
d8ec7a3da8e51a81fbc2ee5c21812113

SHA1
4bdc5c39c6451d435493e322e4b4e54f7ed3f1e8

SHA256
125ccf085e5c58fdebd0dce6fd7e5222f8461bca94cd617e32b218355bc31959

SHA512
1d5cfb180711a327824062c198bb8ef778f976af5fed7da22bc5f91ade115a54063621b3346ff94c44c9bae5a36546b862ba2fe55022ae5feae7e7ed4c58df6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17167.exe

Filesize
468KB

MD5
e45e0ed3a4326e3997b8cf41610f094a

SHA1
b62e2ded9895bca7e7be28909bff8127f3733b26

SHA256
19107456a08db7802a2aef45ef777eaec59f8dfc692b518386264bb3db5de903

SHA512
9aa6aa189a4bc784bc0cf6b29de645a4de0008bb925631436a95773f8332ff3be3314dae693395f6f905d21274be39091c3adaccfd013412f3071315b9653f2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24851.exe

Filesize
468KB

MD5
02c8a1aacc01a0e254c6367086f0f110

SHA1
0ed549c389e2dee538681013c6fa7f2db3edefb3

SHA256
3e5a0d1f61b711e2ccc2f8c70b75368059bb1319c018d9dec4939f011965ef8a

SHA512
faa8fdbb049e7d33b2d618f347f2b6d8b52f3cbdc12475617227872d415b7c07a5f1b69209f0f5691a7cacb2bae5a4af32e60ead184740636f3e517334803ab8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe

Filesize
468KB

MD5
20ca8f48f75a015a68d75fc14d669e4a

SHA1
cdf2ec06c2670496de7c9148616827bfa47edd36

SHA256
8832d893e48e714bc5992342aebc72ced7ccb46d79da49d914bc9861911f06ec

SHA512
13fecd15a09008f4b071e4ba4ab9e59f93bc8158b69e10b3a76ec2e292ba62b9ba3cd7071992ccd4bc26ccf52741ebc886da76cb837eab55dda0991fc14df617

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe

Filesize
468KB

MD5
a673442cb54c392ec72d9cf89761788d

SHA1
36fa19c769e5ea399e625f984361a8385a36a793

SHA256
6cd4bb1e43cec76c0e687379ed01240c4884af6b0ac832886ccf2de081762751

SHA512
23de524b72a2c749d325afd75aa01f5773d405ba23d206dfe13046ab9521a93526c7fa6baf5f6b852242b368f23fdf127fe0f99b29fe932beca31fa6f331cb7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46100.exe

Filesize
468KB

MD5
b2394521118545d74b68e775e2fc1e93

SHA1
c140cd6524b914525b40d2242994c839564ca6ea

SHA256
1785036b895ec6894523ef3ad78062498e6b4f88e02244c41acc299dbb3f100d

SHA512
3f270f95d6eb1aa751146c0a9cb8efbe6302ff5df0d59786f8ce3e2ca8c3142af9d764a9f376416b94203f2875eca1e5618154e5a311d0355c7d018a704f19b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51882.exe

Filesize
468KB

MD5
58c2854fec3f272cd9c390cc31b56452

SHA1
2ab95945bfd11ba5ea4a5a2fc11b922da7b2c755

SHA256
ea716d0a195cab9535ff408a9a4947db90d004cb1dd961e01cc0d989fe5deccd

SHA512
0261b7b47025d775165289a3d7f06fec0681429d01434fe151a928dc892acb1c176b95f43a1c7e76a14419b10c44ddce6392378147a53aac14d1de51f3c1cbb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63038.exe

Filesize
468KB

MD5
0046f010b8e209169d8d0c7ac6476bcb

SHA1
8d74d48e70ac1231ae05b476d16ac3056d1ca104

SHA256
301a45bf467b9b73ad829819869f9669775194e0bec210886e14a6cb57652072

SHA512
45a46f1d0b725e4063ed735fc93846ce21e120eb095a5c85f455ebcd1e21656062014c79ec05784162f1d417eb37fe8f4af6f92594eedcebf6a55f820fa84064

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1414.exe

Filesize
468KB

MD5
5c2f97b56d4df6dd313cbaad7954d112

SHA1
566a06fa55da376c99a2caa0b125dee2779cd052

SHA256
7d5c516e7d6e8bdf379bfdd2d9d9c28de1b38b602e6f455e1ead14557bba72e5

SHA512
755bbbb97929e92403bffd03a7d72e3f3d7d1de4ac63e38e0ff0605994f49b62eec24decae1fafab98d231a361896b1bcee618bf9c51c913d26d9845f3c52793

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe

Filesize
468KB

MD5
71a1f04ffb10acf78a349116bfb07961

SHA1
e3b3cb5952c03f613219a43ad7ecb404224bd799

SHA256
5bc3b0c2257665092a482551e23a63b40c91b254da59118f38b1f25234039f5f

SHA512
e6ec70117533447773c30d6005d2f5e3bc0637cc8a4e6f96db099bbcf744ac09ed94542ab5750ecc04265b5b86881b9e0a7584e5323a34b479ffae119bd4cb60

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe

Filesize
468KB

MD5
0a2ac5fbd7964c3edb1d3acc1adb3bea

SHA1
6ca59b4d35c59d955a3e7441a63cb9410637ce2a

SHA256
c8b6db1838d622ca87443a124f5b0fd99b7d49cdb81fd73dee98a5a07ec0268f

SHA512
1c36edb756419b231d88c47983dc772be6972c3daa4b6eb282d7bda08af0476398585d940caded4c9d306719dad613a2bb713e79070eca490dfbb61f08ebf64e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe

Filesize
468KB

MD5
b4a8f17310d31f9b9c0b3d884a93fb44

SHA1
c32e3b7f71258e0f74faf40964a8d9f37b778c0b

SHA256
00ae7fd6f884400702d5cf182122b1b91ba2165fe324cd0a3b1869a48ce91552

SHA512
cb4c6979846996374d5b3ba9bb036390e68bf2ca0d3c653c367b8abb586bf7962c69009056d6804c7c5c76c88a72762711c8ed0e53e546edaa9c8bd549f0cfad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23423.exe

Filesize
468KB

MD5
0d4abd7ac2c20f200fd7872f9bb04633

SHA1
cae28076b85a99363faa0f5ca0865e17fce87f59

SHA256
944f154b05c2dbdde03549380af1d8c38d073eabce654f63136f3d37524d5b0a

SHA512
94acf9a103d3a05eb176c52745bbcd3091c1c6bcdd8cd07ea78cba790efcf1665ffd4de39f71e099221be37db288592be40501191a8909dcbbc11bc536217fa4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26356.exe

Filesize
468KB

MD5
23de55855e23e1f5ca024c2994beeddd

SHA1
f75af758140a3b32134717b24aaea48c13bf5446

SHA256
d01b915012ef3a903cf31c7aca6d97818da548c57cc2bdb7556646ce9f0ce52c

SHA512
0ad5045a6dd538d09ee2064591b674fe85b527aa3d12da38543f490192350b8360e777712e9e86d8af508f0628bc75248112a6247017deb9814580eb501dbc6c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe

Filesize
468KB

MD5
6d63faa09aebc18b56eb1869deed788c

SHA1
69b3ddbb32a46f99c9d44bddac9bcb17e7f2cad3

SHA256
c8dc03adee0218382e32962547145c3e905c605fdafaaf0eb45bef3921d6c376

SHA512
db62af732e16eee115f60fee42ea0749ee888aa8dc8d630e8edc76d50bca4de0c879ae6a312343aa616a87faeca612ecb1df45057a9d994de2dd742d6fae4713

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31536.exe

Filesize
468KB

MD5
48fffeda9ecfa464136756367f3dace9

SHA1
7f526be874fcdd6baf11fe8a8bb5522de8a8f914

SHA256
9f2d1c1c08d2b49c82137a01823b438e1f447e5e84d304220a71e7462e6d775d

SHA512
34d1767a23d494cdd50d4ee0256ca55feb5c1d5da3ea00871e3d310519f5fb9b19550069e73172c92581d08256cec8f076a55080b65a2cc93a5f02956b285367

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe

Filesize
468KB

MD5
865a6e2b474667589744c8489747cab3

SHA1
ce0c45c11966df17d7da5a29d99bddf2e35e394d

SHA256
1e50d6855ddbf13eba01554a53517884b399af290d9e90e4ceebe92ff0869e5f

SHA512
f068298792560d5ac80c17c9929125d72f65ae9a6b4841ad0842f96b307da99dfce6401b435c3eb3ee614df3d55527a13485997e62ae350fe2cdb5674f2935c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe

Filesize
468KB

MD5
c7984b5b79c495cb37fc8f620dd007e7

SHA1
60a76befcdbedc974990f703b61df89b13a39b06

SHA256
cc0a4bcd8d69c9e02bd1976129eb809a199356312cb37396c164e68d24df1bb3

SHA512
23cf3fda91d5276c5075e94f14f8992afe77b4d836cd66213eab739d82eddeb1752904e383dcf52914c9bf670f71b3fd827ee5e499d13908857f31d90aff2966

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62558.exe

Filesize
468KB

MD5
474f844c71104e7e23ed1318276fa41a

SHA1
04888432921a905777fcb6d1e1acf319977ac8fa

SHA256
74b068ce69e66fdd0c2e6c955d25faa45a231f9bd303edbdab25c750e3d882a9

SHA512
824e36d7ecb7de49ff8ea55426a6c6c90a87888347b6e635e8fc5784545fc224a8a23a27791d45f708c7fae53e6b80ca5e7fea5e498b66cbaa2e7309dec993b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe

Filesize
468KB

MD5
77a7200ac7e82e0c8e0571a10e75ea78

SHA1
3ce933d8fecf107a18af82055a8dd8babc2133b9

SHA256
d68e8f90a10702ee9954c745433bca398ca25f8034cc4afe180f0fbe6e825a82

SHA512
1e49d47dba7b36324029f1379ee0edee09989f7700a81b408f36362495a108ef6c4ae2a38e9d47d4b22929553ebbdb75f4dc97d9b2769fbfda0c0bb275235251

Download Submit