9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 15:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe
Size

468KB
MD5

d1181ac139f0e856cdde7cc28c192f80
SHA1

56f8cc70e95af64cb5ac2fa4f56b660f14963ed3
SHA256

9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34
SHA512

92bcacc8c3969df3252db25eb74ad3efb63a15e3a4a6462e204d8593c3a3ee2e73de43caec6025c30d4a856cb227c85a8a482ce48d34a9f9e779271cdba086a3
SSDEEP

3072:iOAoogIdId5CtbYiYztjcf8/SCtvPTpShmHeLVUiAO7OJ/HQBnlx:iObowbCtNYJjcfsNixAOS5HQB

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2416	Unicorn-6489.exe
2876	Unicorn-42992.exe
2976	Unicorn-6982.exe
2896	Unicorn-18929.exe
2636	Unicorn-64045.exe
1656	Unicorn-48264.exe
2500	Unicorn-18527.exe
1756	Unicorn-61051.exe
2112	Unicorn-7382.exe
1276	Unicorn-61030.exe
2908	Unicorn-41015.exe
2464	Unicorn-21149.exe
1696	Unicorn-41015.exe
1532	Unicorn-30800.exe
1640	Unicorn-40750.exe
2160	Unicorn-63656.exe
2228	Unicorn-39898.exe
2040	Unicorn-31752.exe
524	Unicorn-703.exe
2096	Unicorn-5000.exe
2604	Unicorn-39017.exe
1804	Unicorn-32886.exe
1676	Unicorn-16550.exe
560	Unicorn-50885.exe
3036	Unicorn-22681.exe
2392	Unicorn-31019.exe
2492	Unicorn-50620.exe
288	Unicorn-38633.exe
2144	Unicorn-5768.exe
2196	Unicorn-61052.exe
2844	Unicorn-62006.exe
2892	Unicorn-42140.exe
2656	Unicorn-62177.exe
2828	Unicorn-16506.exe
2712	Unicorn-12421.exe
1996	Unicorn-41377.exe
2524	Unicorn-47507.exe
2364	Unicorn-27641.exe
2932	Unicorn-48638.exe
2320	Unicorn-31747.exe
2420	Unicorn-23195.exe
2256	Unicorn-38990.exe
2308	Unicorn-55348.exe
2264	Unicorn-43288.exe
1352	Unicorn-18954.exe
1172	Unicorn-755.exe
2588	Unicorn-43079.exe
1332	Unicorn-49977.exe
760	Unicorn-41233.exe
2068	Unicorn-17475.exe
876	Unicorn-12379.exe
1692	Unicorn-57761.exe
2044	Unicorn-57761.exe
2960	Unicorn-42349.exe
2860	Unicorn-33797.exe
2668	Unicorn-54517.exe
3044	Unicorn-8315.exe
3056	Unicorn-6012.exe
2292	Unicorn-6012.exe
2472	Unicorn-64606.exe
928	Unicorn-44186.exe
1052	Unicorn-44741.exe
568	Unicorn-23936.exe
1944	Unicorn-10937.exe

Loads dropped DLL 64 IoCs

pid	Process
2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe
2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe
2416	Unicorn-6489.exe
2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe
2416	Unicorn-6489.exe
2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe
2876	Unicorn-42992.exe
2876	Unicorn-42992.exe
2416	Unicorn-6489.exe
2976	Unicorn-6982.exe
2976	Unicorn-6982.exe
2416	Unicorn-6489.exe
2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe
2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe
2636	Unicorn-64045.exe
2636	Unicorn-64045.exe
2976	Unicorn-6982.exe
2896	Unicorn-18929.exe
2896	Unicorn-18929.exe
2976	Unicorn-6982.exe
1656	Unicorn-48264.exe
1656	Unicorn-48264.exe
2416	Unicorn-6489.exe
2416	Unicorn-6489.exe
2500	Unicorn-18527.exe
2500	Unicorn-18527.exe
2876	Unicorn-42992.exe
2876	Unicorn-42992.exe
2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe
2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe
1756	Unicorn-61051.exe
1756	Unicorn-61051.exe
2636	Unicorn-64045.exe
2636	Unicorn-64045.exe
2112	Unicorn-7382.exe
2112	Unicorn-7382.exe
2896	Unicorn-18929.exe
2896	Unicorn-18929.exe
2464	Unicorn-21149.exe
2464	Unicorn-21149.exe
2876	Unicorn-42992.exe
2876	Unicorn-42992.exe
1276	Unicorn-61030.exe
1276	Unicorn-61030.exe
2976	Unicorn-6982.exe
2976	Unicorn-6982.exe
1532	Unicorn-30800.exe
1532	Unicorn-30800.exe
1696	Unicorn-41015.exe
1696	Unicorn-41015.exe
1656	Unicorn-48264.exe
2416	Unicorn-6489.exe
1656	Unicorn-48264.exe
2416	Unicorn-6489.exe
2908	Unicorn-41015.exe
2908	Unicorn-41015.exe
1640	Unicorn-40750.exe
1640	Unicorn-40750.exe
2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe
2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe
2160	Unicorn-63656.exe
2500	Unicorn-18527.exe
2160	Unicorn-63656.exe
2500	Unicorn-18527.exe

Program crash 60 IoCs

pid	pid_target	Process	procid_target
2804	2040	WerFault.exe	46
688	2636	WerFault.exe	34
1168	288	WerFault.exe	56
1120	2144	WerFault.exe	57
2388	2472	WerFault.exe	91
2868	2016	WerFault.exe	115
2912	2380	WerFault.exe	126
2232	1352	WerFault.exe	75
1660	2392	WerFault.exe	54
1568	2932	WerFault.exe	69
3004	2500	WerFault.exe	35
2436	748	WerFault.exe	106
3688	2828	WerFault.exe	63
3720	876	WerFault.exe	81
3704	2588	WerFault.exe	77
3696	2328	WerFault.exe	117
3848	2200	WerFault.exe	96
4052	2492	WerFault.exe	55
3256	2524	WerFault.exe	65
3244	2308	WerFault.exe	73
3240	2420	WerFault.exe	71
3680	2908	WerFault.exe	41
3792	2112	WerFault.exe	38
3828	2976	WerFault.exe	31
3816	2096	WerFault.exe	48
3144	1052	WerFault.exe	92
4064	656	WerFault.exe	99
3292	2776	WerFault.exe	105
3296	1136	WerFault.exe	95
3340	2256	WerFault.exe	72
4472	2292	WerFault.exe	88
4496	928	WerFault.exe	90
4512	2068	WerFault.exe	80
4560	1532	WerFault.exe	40
4612	524	WerFault.exe	47
4592	1696	WerFault.exe	39
4576	2860	WerFault.exe	85
4540	2712	WerFault.exe	64
4244	2844	WerFault.exe	59
4228	2960	WerFault.exe	84
4256	1276	WerFault.exe	37
4224	684	WerFault.exe	100
3572	3044	WerFault.exe	86
4276	2468	WerFault.exe	108
4320	2160	WerFault.exe	44
4312	2364	WerFault.exe	68
4304	2320	WerFault.exe	70
4944	2656	WerFault.exe	61
1512	2460	WerFault.exe	125
5460	2088	WerFault.exe	110
5896	1172	WerFault.exe	76
5524	1944	WerFault.exe	94
5348	2604	WerFault.exe	50
5384	2044	WerFault.exe	83
5416	560	WerFault.exe	52
5424	2196	WerFault.exe	58
5620	1928	WerFault.exe	101
5368	2264	WerFault.exe	74
5352	580	WerFault.exe	98
5676	1804	WerFault.exe	49

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55753.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38990.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48296.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61051.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22586.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6982.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32886.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10686.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe
2416	Unicorn-6489.exe
2876	Unicorn-42992.exe
2976	Unicorn-6982.exe
2896	Unicorn-18929.exe
2636	Unicorn-64045.exe
2500	Unicorn-18527.exe
1656	Unicorn-48264.exe
1756	Unicorn-61051.exe
2112	Unicorn-7382.exe
1276	Unicorn-61030.exe
2464	Unicorn-21149.exe
2908	Unicorn-41015.exe
1640	Unicorn-40750.exe
1532	Unicorn-30800.exe
1696	Unicorn-41015.exe
2160	Unicorn-63656.exe
2228	Unicorn-39898.exe
2040	Unicorn-31752.exe
524	Unicorn-703.exe
2096	Unicorn-5000.exe
1804	Unicorn-32886.exe
560	Unicorn-50885.exe
2604	Unicorn-39017.exe
1676	Unicorn-16550.exe
2392	Unicorn-31019.exe
3036	Unicorn-22681.exe
2844	Unicorn-62006.exe
288	Unicorn-38633.exe
2492	Unicorn-50620.exe
2144	Unicorn-5768.exe
2196	Unicorn-61052.exe
2892	Unicorn-42140.exe
2656	Unicorn-62177.exe
2712	Unicorn-12421.exe
2364	Unicorn-27641.exe
2828	Unicorn-16506.exe
1996	Unicorn-41377.exe
2524	Unicorn-47507.exe
2932	Unicorn-48638.exe
2320	Unicorn-31747.exe
2420	Unicorn-23195.exe
2256	Unicorn-38990.exe
2308	Unicorn-55348.exe
2264	Unicorn-43288.exe
1352	Unicorn-18954.exe
1172	Unicorn-755.exe
2588	Unicorn-43079.exe
1332	Unicorn-49977.exe
760	Unicorn-41233.exe
2068	Unicorn-17475.exe
876	Unicorn-12379.exe
2960	Unicorn-42349.exe
2044	Unicorn-57761.exe
2860	Unicorn-33797.exe
1692	Unicorn-57761.exe
2472	Unicorn-64606.exe
1052	Unicorn-44741.exe
2292	Unicorn-6012.exe
3044	Unicorn-8315.exe
568	Unicorn-23936.exe
928	Unicorn-44186.exe
1944	Unicorn-10937.exe
2200	Unicorn-52162.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 2416	2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe	29
PID 2720 wrote to memory of 2416	2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe	29
PID 2720 wrote to memory of 2416	2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe	29
PID 2720 wrote to memory of 2416	2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe	29
PID 2416 wrote to memory of 2876	2416	Unicorn-6489.exe	30
PID 2416 wrote to memory of 2876	2416	Unicorn-6489.exe	30
PID 2416 wrote to memory of 2876	2416	Unicorn-6489.exe	30
PID 2416 wrote to memory of 2876	2416	Unicorn-6489.exe	30
PID 2720 wrote to memory of 2976	2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe	31
PID 2720 wrote to memory of 2976	2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe	31
PID 2720 wrote to memory of 2976	2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe	31
PID 2720 wrote to memory of 2976	2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe	31
PID 2876 wrote to memory of 2896	2876	Unicorn-42992.exe	32
PID 2876 wrote to memory of 2896	2876	Unicorn-42992.exe	32
PID 2876 wrote to memory of 2896	2876	Unicorn-42992.exe	32
PID 2876 wrote to memory of 2896	2876	Unicorn-42992.exe	32
PID 2976 wrote to memory of 2636	2976	Unicorn-6982.exe	34
PID 2976 wrote to memory of 2636	2976	Unicorn-6982.exe	34
PID 2976 wrote to memory of 2636	2976	Unicorn-6982.exe	34
PID 2976 wrote to memory of 2636	2976	Unicorn-6982.exe	34
PID 2416 wrote to memory of 1656	2416	Unicorn-6489.exe	33
PID 2416 wrote to memory of 1656	2416	Unicorn-6489.exe	33
PID 2416 wrote to memory of 1656	2416	Unicorn-6489.exe	33
PID 2416 wrote to memory of 1656	2416	Unicorn-6489.exe	33
PID 2720 wrote to memory of 2500	2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe	35
PID 2720 wrote to memory of 2500	2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe	35
PID 2720 wrote to memory of 2500	2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe	35
PID 2720 wrote to memory of 2500	2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe	35
PID 2636 wrote to memory of 1756	2636	Unicorn-64045.exe	36
PID 2636 wrote to memory of 1756	2636	Unicorn-64045.exe	36
PID 2636 wrote to memory of 1756	2636	Unicorn-64045.exe	36
PID 2636 wrote to memory of 1756	2636	Unicorn-64045.exe	36
PID 2896 wrote to memory of 2112	2896	Unicorn-18929.exe	38
PID 2896 wrote to memory of 2112	2896	Unicorn-18929.exe	38
PID 2896 wrote to memory of 2112	2896	Unicorn-18929.exe	38
PID 2896 wrote to memory of 2112	2896	Unicorn-18929.exe	38
PID 2976 wrote to memory of 1276	2976	Unicorn-6982.exe	37
PID 2976 wrote to memory of 1276	2976	Unicorn-6982.exe	37
PID 2976 wrote to memory of 1276	2976	Unicorn-6982.exe	37
PID 2976 wrote to memory of 1276	2976	Unicorn-6982.exe	37
PID 1656 wrote to memory of 1696	1656	Unicorn-48264.exe	39
PID 1656 wrote to memory of 1696	1656	Unicorn-48264.exe	39
PID 1656 wrote to memory of 1696	1656	Unicorn-48264.exe	39
PID 1656 wrote to memory of 1696	1656	Unicorn-48264.exe	39
PID 2416 wrote to memory of 1532	2416	Unicorn-6489.exe	40
PID 2416 wrote to memory of 1532	2416	Unicorn-6489.exe	40
PID 2416 wrote to memory of 1532	2416	Unicorn-6489.exe	40
PID 2416 wrote to memory of 1532	2416	Unicorn-6489.exe	40
PID 2500 wrote to memory of 2908	2500	Unicorn-18527.exe	41
PID 2500 wrote to memory of 2908	2500	Unicorn-18527.exe	41
PID 2500 wrote to memory of 2908	2500	Unicorn-18527.exe	41
PID 2500 wrote to memory of 2908	2500	Unicorn-18527.exe	41
PID 2876 wrote to memory of 2464	2876	Unicorn-42992.exe	42
PID 2876 wrote to memory of 2464	2876	Unicorn-42992.exe	42
PID 2876 wrote to memory of 2464	2876	Unicorn-42992.exe	42
PID 2876 wrote to memory of 2464	2876	Unicorn-42992.exe	42
PID 2720 wrote to memory of 1640	2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe	43
PID 2720 wrote to memory of 1640	2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe	43
PID 2720 wrote to memory of 1640	2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe	43
PID 2720 wrote to memory of 1640	2720	9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe	43
PID 1756 wrote to memory of 2160	1756	Unicorn-61051.exe	44
PID 1756 wrote to memory of 2160	1756	Unicorn-61051.exe	44
PID 1756 wrote to memory of 2160	1756	Unicorn-61051.exe	44
PID 1756 wrote to memory of 2160	1756	Unicorn-61051.exe	44

C:\Users\Admin\AppData\Local\Temp\9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe
"C:\Users\Admin\AppData\Local\Temp\9c0729d6e01d3d7d34995d46c7dfaabeaad7bf05f2c5c1d98588304bd72f9a34N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18929.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7382.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
        7⤵
        Program crash
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27641.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53864.exe
        8⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
        9⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        9⤵
        Program crash
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        8⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31748.exe
        8⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 248
        8⤵
        Program crash
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43318.exe
        7⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3183.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34023.exe
        7⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 224
        7⤵
        Program crash
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20881.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        7⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 224
        7⤵
        Program crash
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 244
        6⤵
        Program crash
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45333.exe
        7⤵
        
        PID:908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
        7⤵
        Program crash
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25830.exe
        6⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 220
        7⤵
        Program crash
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31008.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41607.exe
        6⤵
        
        PID:3280
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 524 -s 244
        6⤵
        Program crash
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41377.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41233.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2816.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        8⤵
        
        PID:3188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 224
        8⤵
        Program crash
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
        7⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12171.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30567.exe
        7⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60184.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33834.exe
        7⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        6⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62598.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        7⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 228
        7⤵
        Program crash
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54247.exe
        6⤵
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
        6⤵
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26691.exe
        6⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49085.exe
        6⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-216.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
        6⤵
        Program crash
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
        5⤵
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56842.exe
        5⤵
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        5⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        5⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
        5⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
        5⤵
        
        PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5000.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
        8⤵
        Program crash
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        7⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 244
        7⤵
        Program crash
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23936.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51439.exe
        7⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45160.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27338.exe
        7⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39582.exe
        6⤵
        
        PID:968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 248
        6⤵
        Program crash
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15790.exe
        6⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21784.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63973.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        7⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11480.exe
        7⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53350.exe
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16768.exe
        7⤵
        
        PID:5244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 248
        6⤵
        Program crash
        
        PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        5⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
        6⤵
        
        PID:2752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 228
        6⤵
        Program crash
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16282.exe
        5⤵
        
        PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16387.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
        5⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
        5⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6968.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32886.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        6⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        6⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9062.exe
        6⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3760.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62966.exe
        5⤵
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48679.exe
        5⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9186.exe
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2623.exe
        5⤵
        
        PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27686.exe
        5⤵
        
        PID:5584
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 224
        5⤵
        Program crash
        
        PID:5676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28746.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        5⤵
        
        PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31048.exe
        5⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
        5⤵
        
        PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28248.exe
      4⤵
      PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1051.exe
      4⤵
      PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47159.exe
      4⤵
      PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17886.exe
      4⤵
      PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48264.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31747.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49977.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27139.exe
        8⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
        9⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55123.exe
        9⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52887.exe
        9⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33303.exe
        9⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        8⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2492.exe
        8⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12073.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
        8⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31393.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        8⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58362.exe
        8⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5238.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43177.exe
        7⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 224
        7⤵
        Program crash
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17475.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        7⤵
        
        PID:748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 240
        8⤵
        Program crash
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        7⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19187.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
        7⤵
        Program crash
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56613.exe
        6⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        7⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60800.exe
        7⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        6⤵
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54104.exe
        6⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21702.exe
        6⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64798.exe
        6⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32349.exe
        6⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52084.exe
        6⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38990.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
        7⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28613.exe
        8⤵
        
        PID:936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 216
        8⤵
        Program crash
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42571.exe
        7⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 224
        7⤵
        Program crash
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
        6⤵
        
        PID:3136
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
        6⤵
        Program crash
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
        5⤵
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9318.exe
        6⤵
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        6⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3321.exe
        6⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48237.exe
        6⤵
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60558.exe
        6⤵
        
        PID:5648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 248
        6⤵
        Program crash
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
        5⤵
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56870.exe
        5⤵
        
        PID:3312
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 248
        5⤵
        Program crash
        
        PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31019.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
        6⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
        7⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47002.exe
        7⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39238.exe
        7⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21164.exe
        7⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8742.exe
        6⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47584.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9186.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
        6⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
        6⤵
        
        PID:5692
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 244
        6⤵
        Program crash
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16920.exe
        5⤵
        
        PID:656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
        6⤵
        
        PID:2936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 228
        6⤵
        Program crash
        
        PID:4064
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 244
        5⤵
        Program crash
        
        PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43079.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        5⤵
        
        PID:784
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        5⤵
        Program crash
        
        PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44492.exe
      4⤵
      PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7840.exe
      4⤵
      PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61588.exe
      4⤵
      PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39915.exe
      4⤵
      PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
      4⤵
      PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30800.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50885.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23195.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5234.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 248
        6⤵
        Program crash
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
        5⤵
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10640.exe
        5⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22211.exe
        5⤵
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20417.exe
        5⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61708.exe
        5⤵
        
        PID:5884
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 224
        5⤵
        Program crash
        
        PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18954.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
        5⤵
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        6⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40639.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55060.exe
        6⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33204.exe
        6⤵
        
        PID:5632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 236
        5⤵
        Program crash
        
        PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34355.exe
      4⤵
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50671.exe
        5⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
        5⤵
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
        5⤵
        
        PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28343.exe
      4⤵
      PID:1500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44784.exe
      4⤵
      PID:3676
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 248
      4⤵
      Program crash
      PID:4560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
      4⤵
      PID:2056
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 228
      4⤵
      Program crash
      PID:4052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
    3⤵
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42230.exe
      4⤵
      PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3182.exe
      4⤵
      PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59476.exe
      4⤵
      PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62015.exe
      4⤵
      PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12883.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
    3⤵
    PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35042.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
    3⤵
    PID:4264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51274.exe
    3⤵
    PID:5372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
    3⤵
    PID:5580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64045.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61051.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-963.exe
        7⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62799.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
        8⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53340.exe
        7⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64613.exe
        7⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 248
        7⤵
        Program crash
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
        6⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        6⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
        6⤵
        
        PID:3424
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 244
        6⤵
        Program crash
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62177.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
        6⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14165.exe
        6⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27083.exe
        6⤵
        
        PID:4108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 248
        6⤵
        Program crash
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59986.exe
        5⤵
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
        6⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13603.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30045.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42828.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12603.exe
        5⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12421.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44186.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33631.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        7⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 240
        7⤵
        Program crash
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe
        6⤵
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16774.exe
        6⤵
        
        PID:3456
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        6⤵
        Program crash
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10984.exe
        6⤵
        
        PID:2572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 236
        6⤵
        Program crash
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47174.exe
        5⤵
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53449.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe
        5⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23036.exe
        5⤵
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49028.exe
        5⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12303.exe
        5⤵
        
        PID:5720
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 244
      4⤵
      Program crash
      PID:688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61030.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        6⤵
        
        PID:2768
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 248
        6⤵
        Program crash
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22836.exe
        5⤵
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32949.exe
        5⤵
        
        PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35724.exe
        5⤵
        
        PID:6108
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 244
        5⤵
        Program crash
        
        PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-755.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52160.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17484.exe
        6⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64266.exe
        6⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
        6⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
        5⤵
        
        PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61180.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22591.exe
        5⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64268.exe
        5⤵
        
        PID:4664
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 248
        5⤵
        Program crash
        
        PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21008.exe
      4⤵
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
        5⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22113.exe
        5⤵
        
        PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35346.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
        5⤵
        
        PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60112.exe
      4⤵
      PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
      4⤵
      PID:3512
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 248
      4⤵
      Program crash
      PID:4256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16550.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33797.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2250.exe
        5⤵
        
        PID:2016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
        6⤵
        Program crash
        
        PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17273.exe
        5⤵
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35742.exe
        5⤵
        
        PID:3272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 248
        5⤵
        Program crash
        
        PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29722.exe
      4⤵
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46786.exe
        5⤵
        
        PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39053.exe
        5⤵
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35252.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60240.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        5⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        5⤵
        
        PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3707.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25406.exe
      4⤵
      PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24283.exe
      4⤵
      PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
      4⤵
      PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
      4⤵
      PID:5812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2100.exe
      4⤵
      PID:3536
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
      4⤵
      Program crash
      PID:4472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61286.exe
    3⤵
    PID:1084
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
    3⤵
    - Program crash
    PID:3828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38633.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20258.exe
        5⤵
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32484.exe
        6⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58341.exe
        7⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63738.exe
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38844.exe
        7⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20859.exe
        6⤵
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3160.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3216
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 228
        6⤵
        Program crash
        
        PID:4224
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 248
        5⤵
        Program crash
        
        PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
      4⤵
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
        5⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
        5⤵
        
        PID:6080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 228
        5⤵
        Program crash
        
        PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22477.exe
      4⤵
      PID:2172
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
      4⤵
      Program crash
      PID:3680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10937.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56625.exe
        5⤵
        
        PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36191.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22586.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29945.exe
        5⤵
        
        PID:5652
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 248
        5⤵
        Program crash
        
        PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16531.exe
      4⤵
      PID:1412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9187.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
      4⤵
      PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
      4⤵
      PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39559.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25069.exe
      4⤵
      PID:5276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49924.exe
    3⤵
    PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65229.exe
      4⤵
      PID:1668
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 228
      4⤵
      Program crash
      PID:3296
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 248
    3⤵
    - Program crash
    PID:3004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40750.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40750.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2144
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 244
      4⤵
      Program crash
      PID:1120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34594.exe
    3⤵
    PID:2120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9025.exe
    3⤵
    PID:4088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59364.exe
    3⤵
    PID:4208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
    3⤵
    PID:5360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
    3⤵
    PID:5536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61052.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61052.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62442.exe
      4⤵
      PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15386.exe
      4⤵
      PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
      4⤵
      PID:4980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
      4⤵
      PID:5752
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 248
      4⤵
      Program crash
      PID:5384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42571.exe
    3⤵
    PID:360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
    3⤵
    PID:3840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27749.exe
    3⤵
    PID:3684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
    3⤵
    PID:4660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5940
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 224
    3⤵
    - Program crash
    PID:5424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33811.exe
    3⤵
    PID:5168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18403.exe
    3⤵
    PID:6064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61376.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61376.exe
    3⤵
    PID:5856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe
  2⤵
  PID:632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23783.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23783.exe
  2⤵
  PID:3836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
  2⤵
  PID:4620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
  2⤵
  PID:4960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10686.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10686.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5680
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
  2⤵
  PID:5148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-30800.exe

Filesize
468KB

MD5
3e56efe940727c4a030a64b3d07d4884

SHA1
595104d2ebf8b63a28d86b20869cb95908f98f9b

SHA256
2bcf3d2173b9b89753e80d50ac0aae652cd616545a69f37fe2b03a9efe820a1f

SHA512
43c463d7d17da33bfb93f4909e0b56d34caab15fe0bb29f74f9ee71a974ec6563af58552638187350f8677657c080c2a1a3375206079820675e6cbe425fdfc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe

Filesize
468KB

MD5
07b4c4ca5c904863fdd16aa67129c43f

SHA1
10d0e9954fd4ba53a3a0b9a0d7120babf203aedb

SHA256
70cb7597ca170575d8171a79c804d270f535aed2790ede25e9dca2f8afaafc3a

SHA512
d56e40dea1e2e26f654e8b54d6b0c7863bf09843aee94fb3f04914fc96e6259b742a87716a2e333b67e21c53e56c11a22c7968a83938447e74a39514e2b6fe09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40750.exe

Filesize
468KB

MD5
9d4fe171195c7c4dd20329fbae56c3b6

SHA1
1e9fea004702234ea6c10b29699da002acf0079e

SHA256
ec7b574b45112658b13190add376e3f1444110426939c1d7921ca377de6af6dc

SHA512
b6a8527826bf59f78d190d90ee9e64c6f25a66f5e2d6412ed659a79559a955077e32049e19efee9503f46cc3b96d538f740197108736d0dad1a5b23748f86d49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exe

Filesize
468KB

MD5
8760498dd7ab99be3e1ddd20d7a0a1f2

SHA1
99ebf6dea967061b958005ee3ec2c6ab6ebf8a77

SHA256
11a4610bc87f1b1ce5abbe268842cc0d741d97c49017bef898db36417c532be0

SHA512
4f9e3631ba625343a74d777884049f7bc4fd524328e6d002d2eafc700a5c776f936099ed954364f02703fc61a5d5f931d9f94183787c2bd6afa6af191840ebe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56870.exe

Filesize
468KB

MD5
9e8b0ac754d06342fc87ebfb46d6ca63

SHA1
3e688b92bb9f9d2794edaab48c699e3018e58e3b

SHA256
cb19d7ec1ed672ff7c2e8700288c1dfba351a2c88a273924e159e857d1752dfe

SHA512
ae1479d20a20b1cc7bcd505af1ac467d92b9948c49f72d669850541d265e14c8f2c0e216f5011deb82a206d4a53a548980f88d9e7c01dc93067cd1ed3ab14bf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5768.exe

Filesize
468KB

MD5
bea49bf6bffc27784622d9ef62503a62

SHA1
b9d54d8f56f33aba96d515f4ef065125b06a0bb1

SHA256
ae7bab4424cd7ad5e5aa55c8efd9105f6cd40ce8f3fb5e2890058aa323428d58

SHA512
8210b1bd96491a8f9509bd9d84ea2c5d2ffdd41b51c4807a8a278698d4af10ebc8d73f10d4257355e13faf2b4a0e58fc1bce5254055634d9c1df89a74e45f553

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61051.exe

Filesize
468KB

MD5
0238be9b2693ac434c8e2f7df4909ed5

SHA1
f199e8efcd88c8ac3f79d166e17db35a8c5acfcb

SHA256
9b6de7dfc6c5509fb97a0471a9ad77b28f1f951681f9055f7eb72a45bbbcc1a4

SHA512
92fac49505eca6cf7d8268279ebdc29e9d8aadf329ae5f0c9b0b27b2fe035b81199fc8825f61e5011be9d38cc622a2a7e7f0ffefdf63d1782030c19183833546

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64045.exe

Filesize
468KB

MD5
a2b138a3d3d26c6f08b56c666bf27f42

SHA1
c8a7fb7389eb430cec06fbeae8a80d48674da557

SHA256
0314fe1c50362f63f1333f3f086b660460d59cf298ac8e4d1e68fc927362564b

SHA512
4a4aa2b542a807b33cd8fb9ff10794d4069138fba44ca698c968c7499a65c8236c1b7ed39f23ebc4ddc5cb0fffdbd65249099452aa106dd5c8f592b8baf4f67f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64613.exe

Filesize
468KB

MD5
f8b8a0f1061599d89f007eca58f5bb34

SHA1
665bc636ebc8288281423446b9844136da890810

SHA256
87ea5f14432ab4c5b9d581a532de1452eae4170e92ef2ba6cf970d895c941b9e

SHA512
5257ac43b4baa41a13929f9efe3663611aedf2d1036d659b249a7237d71a55e42c732e857824d13a5db5bc322bbd80e1169d4ede2b6c7048406c7c314cce137a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe

Filesize
468KB

MD5
1f8e3c42ea9f3845e5a169406ea8b3e8

SHA1
995c3f2b4d154557e3244e04cfac99501fd6e42b

SHA256
50c561a44b37e33e726d917b677eca02be18a812f39db8ef26143935b77de446

SHA512
23de7c6b61e6e49a78ce1c07485650cb3a0af85e044df71cb839f40325e644fa5e065c72237569880c2dd54e377e17d51dd2299ce2ce03b93b7a527f5f92b959

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7382.exe

Filesize
468KB

MD5
db3243f0dcbe3618f2148ea300192d3f

SHA1
16996663b3b08d1c46731db98d7dd7e189fdfff0

SHA256
d32ba19b426396a3999bec777f822899ef8e816132ee5fabbda7576d2221cd4c

SHA512
e424b6173be423c0c125e1478af1eafa77d1c58760fb97710ba5c8d8cbb8ef53382c8055eb1ea9aed2fee001a48b9a481f84ed5d87c5fd0ce910e04df8004e46

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe

Filesize
468KB

MD5
267830dc8a8c8afe03132a9549d603f6

SHA1
85882c1e71c2eb314b041b5a9f9634c1d5ffcb2a

SHA256
2f47aa4dcff4e7b2108f21c1bd145a0735b9dc6e32733b2e3b1175152eeee27a

SHA512
8b27093933c15ca77dcaa9aff98f049e5969d3a2796ab8d3cc13789b5809386a5b470f33ede8770991800f4c87962d095c134bb17a395e728028676318575dcb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18929.exe

Filesize
468KB

MD5
523aa4ff390f9deba85950dbd0b65530

SHA1
492403eed16012750fda48a1cd77d422a571fecf

SHA256
b14f5c418ac12aca5398bb8c448a48b323aecdb10d37348aff09e57cb113c200

SHA512
979fb99b4115c6f2f05f38c27b0b130c39c2eb211ed7ea67ddfed00b80811e1e48045b46446e757083afe5e8bfc91bfdc7decb9f4adb6f7f57ba40fb4a739fd6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe

Filesize
468KB

MD5
ac6b2720e696a89bf4db9763bd6ed261

SHA1
0564c5c68e142c2d863ba16b2a962bde8afe98af

SHA256
48b71a3b70f1c577d56c328cfbc4587a94ddfca8c6d1c8801936603512b51097

SHA512
9a845098cd78bc5a704531bfe01db0427d94c8485e16fe9ec52c22f36e206831e523d1817730b0ece19560a0b9023b64a7a69ca466535b963570844b4f02b0da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe

Filesize
468KB

MD5
83367fdc7a6d1029b2e03f6b93650947

SHA1
c953b0fdbdb7ea5d508be64f9df618d7125be3dc

SHA256
b19deb0084120a3a3236c34eb4b6e16d6b65c5ae124a004b8e3617d3911e0652

SHA512
1b37b5cfc7292c2f5efe0c54544294f6c26fe930ca9a473939f6a5d74bde38b54e90f3ab092eca2d25e5654f5b85bd8c43f5dbb88670ede985bef04f2579f60e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe

Filesize
468KB

MD5
eb70aa744ebd934f23df1496291e540f

SHA1
a40d5d649ea3d6ab3d9c6c75abb8fb74f172f82e

SHA256
ec036ae74da072c4b4af9bbc7f7d9d29e55950f063b40c0e525a22ce4f582db7

SHA512
f9f955d59a08fb979b761a04e27812059ff628ba8f6696ffa520bebf59a249102cf8c20c3ffecbddc80ffa8012325c1e57ca94a1036dbf4e5e1606087824be72

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48264.exe

Filesize
468KB

MD5
8bf6d53a8471b49b253b15d8c4f12386

SHA1
4547a58a2b2cf2fb12809c2c4023a1b1c856fe83

SHA256
fa0839848e4f3cfe1e1e5d05d3f524fe4721293284876bf110136470e7da1b8b

SHA512
59fb5e10d13a946532448bef555ac872cc84560eb7a522b37425a2bc1fe18cc1e94d9b5d05a1f219fdd8846217ec9e17ac4e5f5519d4188f4d0437ad1a3acc0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61030.exe

Filesize
468KB

MD5
c72896aa09284f5fddb5aef35488675f

SHA1
8767db59c81a469647888a3ce7f1b894d010070f

SHA256
46e3e2944050fbb78ab0e938341dceac71128cc50f296ce164b4884e39eea347

SHA512
41e94dc87a662903f132c1d2ea173622aacfa8e55e21db6084adf07b20b5fdad27dbafd2229187bd2a50b73d8caeaf72facba3bae079c741f9f772fb06a9865e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe

Filesize
468KB

MD5
f555058a60c9214777c1da733a37c4fa

SHA1
e7ebea849fb654d07a12a961776aa05c9eb4fc67

SHA256
cc163329e8bd9288ccaa41fbf09dfcbdccff487382b05fc524d654f50830d3eb

SHA512
6d7035d16f04fe2b65c0a856edf20be70209d137b6ea24e22383ad9ccf2d9525a6894f157aa445e8a3f7e3a79229c6845ec20e53994b893f8896167d44388c5d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe

Filesize
468KB

MD5
7c615c59fc0f2a5811049b8f9feea9ea

SHA1
9968d81766eb34f3e21283160562ac3dda5a90a1

SHA256
08040a0dfcbaa3e9b8e06bd5b5d6e856b2a0a381ecea3c20e0e8d0a1bfdd7ada

SHA512
3342f755ff6c2f77a4cd8df1fbcf5b4bca46a5b84e3d3c48394fc59958e6a1031cd5570715c8aa74f944ceeff01c63999d04b82e3961db668f97c428e4070b95

Download Submit
memory/288-317-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/524-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/524-364-0x0000000001DB0000-0x0000000001E25000-memory.dmp

Filesize
468KB

Download
memory/560-282-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1276-255-0x0000000002430000-0x00000000024A5000-memory.dmp

Filesize
468KB

Download
memory/1276-254-0x0000000002430000-0x00000000024A5000-memory.dmp

Filesize
468KB

Download
memory/1532-275-0x0000000000360000-0x00000000003D5000-memory.dmp

Filesize
468KB

Download
memory/1532-276-0x0000000000360000-0x00000000003D5000-memory.dmp

Filesize
468KB

Download
memory/1532-168-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1640-323-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/1640-171-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1640-319-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/1656-305-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/1656-71-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1656-152-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/1656-312-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/1656-153-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/1676-265-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1696-289-0x0000000002930000-0x00000000029A5000-memory.dmp

Filesize
468KB

Download
memory/1696-288-0x0000000002930000-0x00000000029A5000-memory.dmp

Filesize
468KB

Download
memory/1756-192-0x0000000002870000-0x00000000028E5000-memory.dmp

Filesize
468KB

Download
memory/1756-186-0x0000000002870000-0x00000000028E5000-memory.dmp

Filesize
468KB

Download
memory/1756-362-0x0000000002870000-0x00000000028E5000-memory.dmp

Filesize
468KB

Download
memory/1756-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1756-354-0x0000000002870000-0x00000000028E5000-memory.dmp

Filesize
468KB

Download
memory/1804-259-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1996-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2040-217-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2096-388-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2096-380-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2096-239-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2112-216-0x00000000024E0000-0x0000000002555000-memory.dmp

Filesize
468KB

Download
memory/2112-384-0x00000000024E0000-0x0000000002555000-memory.dmp

Filesize
468KB

Download
memory/2112-210-0x00000000024E0000-0x0000000002555000-memory.dmp

Filesize
468KB

Download
memory/2112-117-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2144-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2160-201-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2160-342-0x0000000002760000-0x00000000027D5000-memory.dmp

Filesize
468KB

Download
memory/2160-337-0x0000000002760000-0x00000000027D5000-memory.dmp

Filesize
468KB

Download
memory/2196-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2228-204-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2228-377-0x0000000001CB0000-0x0000000001D25000-memory.dmp

Filesize
468KB

Download
memory/2228-366-0x0000000001CB0000-0x0000000001D25000-memory.dmp

Filesize
468KB

Download
memory/2364-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2392-314-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2416-154-0x0000000002560000-0x00000000025D5000-memory.dmp

Filesize
468KB

Download
memory/2416-155-0x0000000002560000-0x00000000025D5000-memory.dmp

Filesize
468KB

Download
memory/2416-311-0x0000000002560000-0x00000000025D5000-memory.dmp

Filesize
468KB

Download
memory/2416-313-0x0000000002560000-0x00000000025D5000-memory.dmp

Filesize
468KB

Download
memory/2416-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2416-27-0x0000000002560000-0x00000000025D5000-memory.dmp

Filesize
468KB

Download
memory/2464-234-0x0000000002890000-0x0000000002905000-memory.dmp

Filesize
468KB

Download
memory/2464-166-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2464-238-0x0000000002890000-0x0000000002905000-memory.dmp

Filesize
468KB

Download
memory/2492-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2500-341-0x00000000021B0000-0x0000000002225000-memory.dmp

Filesize
468KB

Download
memory/2500-162-0x00000000021B0000-0x0000000002225000-memory.dmp

Filesize
468KB

Download
memory/2500-161-0x00000000021B0000-0x0000000002225000-memory.dmp

Filesize
468KB

Download
memory/2500-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2500-347-0x00000000021B0000-0x0000000002225000-memory.dmp

Filesize
468KB

Download
memory/2524-394-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2604-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2636-69-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2636-202-0x00000000033D0000-0x0000000003445000-memory.dmp

Filesize
468KB

Download
memory/2636-200-0x00000000026E0000-0x0000000002755000-memory.dmp

Filesize
468KB

Download
memory/2656-363-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2712-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2720-167-0x0000000002460000-0x00000000024D5000-memory.dmp

Filesize
468KB

Download
memory/2720-33-0x0000000002460000-0x00000000024D5000-memory.dmp

Filesize
468KB

Download
memory/2720-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2720-331-0x0000000002460000-0x00000000024D5000-memory.dmp

Filesize
468KB

Download
memory/2720-169-0x0000000002460000-0x00000000024D5000-memory.dmp

Filesize
468KB

Download
memory/2720-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2720-330-0x0000000002460000-0x00000000024D5000-memory.dmp

Filesize
468KB

Download
memory/2720-10-0x0000000002460000-0x00000000024D5000-memory.dmp

Filesize
468KB

Download
memory/2720-11-0x0000000002460000-0x00000000024D5000-memory.dmp

Filesize
468KB

Download
memory/2828-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2844-343-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2876-34-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2876-67-0x0000000000530000-0x00000000005A5000-memory.dmp

Filesize
468KB

Download
memory/2876-253-0x0000000000530000-0x00000000005A5000-memory.dmp

Filesize
468KB

Download
memory/2876-165-0x0000000000530000-0x00000000005A5000-memory.dmp

Filesize
468KB

Download
memory/2876-164-0x0000000000530000-0x00000000005A5000-memory.dmp

Filesize
468KB

Download
memory/2876-257-0x0000000000530000-0x00000000005A5000-memory.dmp

Filesize
468KB

Download
memory/2892-348-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2896-68-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2896-382-0x00000000005D0000-0x0000000000645000-memory.dmp

Filesize
468KB

Download
memory/2896-389-0x00000000005D0000-0x0000000000645000-memory.dmp

Filesize
468KB

Download
memory/2896-219-0x00000000005D0000-0x0000000000645000-memory.dmp

Filesize
468KB

Download
memory/2896-223-0x00000000005D0000-0x0000000000645000-memory.dmp

Filesize
468KB

Download
memory/2908-316-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/2908-163-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2976-264-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2976-260-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2976-110-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3036-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download