4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-09-2024 21:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe
Size

468KB
MD5

d323418aa23462fb444a0241cbf59d40
SHA1

67d14f233905b48f339181164ba467e548260c5e
SHA256

4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307
SHA512

7375e5d4536ba344bb662796c38496587d13f9ecece619c8632c5372ad7b0bf4cd604c24274d7cf8f9d7890fc746c2b52c2875d8519aa1a86dd35b989ce158ea
SSDEEP

3072:Xrz7ogtxjz8UFbYWPz3yqy8/Eptj7PpgPmHx+lOvElR0AFo1SDl9:XrfoyAUF1PDyqy/BtlElu4o1S

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3028	Unicorn-58624.exe
2380	Unicorn-60845.exe
2164	Unicorn-59262.exe
2848	Unicorn-18827.exe
2252	Unicorn-48162.exe
2908	Unicorn-55775.exe
2648	Unicorn-18918.exe
3000	Unicorn-51774.exe
1692	Unicorn-23740.exe
1276	Unicorn-12879.exe
1844	Unicorn-49636.exe
1484	Unicorn-43506.exe
2144	Unicorn-53455.exe
1308	Unicorn-64602.exe
1924	Unicorn-63211.exe
2412	Unicorn-25215.exe
2840	Unicorn-50351.exe
1592	Unicorn-56381.exe
2004	Unicorn-9226.exe
1288	Unicorn-31785.exe
864	Unicorn-52760.exe
2564	Unicorn-63695.exe
2016	Unicorn-44592.exe
1716	Unicorn-21479.exe
916	Unicorn-1613.exe
2140	Unicorn-13045.exe
1556	Unicorn-7088.exe
2724	Unicorn-52973.exe
2872	Unicorn-35821.exe
2588	Unicorn-6294.exe
2764	Unicorn-63398.exe
3048	Unicorn-28853.exe
1488	Unicorn-34618.exe
1336	Unicorn-10954.exe
1120	Unicorn-2272.exe
1972	Unicorn-15038.exe
1136	Unicorn-39443.exe
2580	Unicorn-56186.exe
556	Unicorn-65116.exe
2176	Unicorn-10248.exe
2980	Unicorn-48588.exe
2456	Unicorn-13777.exe
1520	Unicorn-65016.exe
1880	Unicorn-6085.exe
3068	Unicorn-44118.exe
2080	Unicorn-57140.exe
1092	Unicorn-55749.exe
1548	Unicorn-10077.exe
2340	Unicorn-5178.exe
2264	Unicorn-41380.exe
2204	Unicorn-21514.exe
1188	Unicorn-41380.exe
2744	Unicorn-35250.exe
1840	Unicorn-16684.exe
1976	Unicorn-6932.exe
2020	Unicorn-49356.exe
1980	Unicorn-1531.exe
1648	Unicorn-45272.exe
2660	Unicorn-9646.exe
2268	Unicorn-17260.exe
448	Unicorn-26803.exe
2432	Unicorn-35734.exe
304	Unicorn-30066.exe
2460	Unicorn-6953.exe

Loads dropped DLL 64 IoCs

pid	Process
2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe
2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe
3028	Unicorn-58624.exe
2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe
2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe
3028	Unicorn-58624.exe
2380	Unicorn-60845.exe
2380	Unicorn-60845.exe
3028	Unicorn-58624.exe
3028	Unicorn-58624.exe
2164	Unicorn-59262.exe
2164	Unicorn-59262.exe
2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe
2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe
2848	Unicorn-18827.exe
2848	Unicorn-18827.exe
2380	Unicorn-60845.exe
2380	Unicorn-60845.exe
2252	Unicorn-48162.exe
2252	Unicorn-48162.exe
3028	Unicorn-58624.exe
2648	Unicorn-18918.exe
2648	Unicorn-18918.exe
3028	Unicorn-58624.exe
2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe
2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe
2164	Unicorn-59262.exe
2908	Unicorn-55775.exe
2164	Unicorn-59262.exe
2908	Unicorn-55775.exe
1692	Unicorn-23740.exe
1692	Unicorn-23740.exe
2380	Unicorn-60845.exe
2380	Unicorn-60845.exe
1924	Unicorn-63211.exe
1924	Unicorn-63211.exe
2164	Unicorn-59262.exe
2164	Unicorn-59262.exe
3000	Unicorn-51774.exe
3000	Unicorn-51774.exe
2848	Unicorn-18827.exe
2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe
2848	Unicorn-18827.exe
2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe
2252	Unicorn-48162.exe
2252	Unicorn-48162.exe
1340	WerFault.exe
1340	WerFault.exe
1340	WerFault.exe
1340	WerFault.exe
1704	WerFault.exe
1704	WerFault.exe
1704	WerFault.exe
1704	WerFault.exe
2948	WerFault.exe
2948	WerFault.exe
2948	WerFault.exe
2948	WerFault.exe
2648	Unicorn-18918.exe
1484	Unicorn-43506.exe
2648	Unicorn-18918.exe
1484	Unicorn-43506.exe
2372	WerFault.exe
2372	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1704	1308	WerFault.exe	45
1340	2908	WerFault.exe	36
2948	1844	WerFault.exe	42
2372	2144	WerFault.exe	43
2192	864	WerFault.exe	53
1876	2340	WerFault.exe	85
2972	1980	WerFault.exe	93
1568	1092	WerFault.exe	83
1528	1136	WerFault.exe	71
2692	1716	WerFault.exe	59
1680	2552	WerFault.exe	104
1700	2332	WerFault.exe	108
3804	1948	WerFault.exe	110
4044	2264	WerFault.exe	89
3312	2564	WerFault.exe	54
3692	1488	WerFault.exe	67
3744	1288	WerFault.exe	51
3660	2456	WerFault.exe	78
3524	1868	WerFault.exe	131
3380	2996	WerFault.exe	113
3376	1044	WerFault.exe	115
5028	1484	WerFault.exe	41
4192	556	WerFault.exe	74
4752	1336	WerFault.exe	68
4288	1964	WerFault.exe	109
5304	1608	WerFault.exe	133
5332	1632	WerFault.exe	147
5296	884	WerFault.exe	138
5280	1976	WerFault.exe	91
5268	2664	WerFault.exe	126
5352	1080	WerFault.exe	135
5708	2020	WerFault.exe	92
5700	2868	WerFault.exe	106
5916	2164	WerFault.exe	32
5804	2268	WerFault.exe	96
5760	1648	WerFault.exe	94
5364	2432	WerFault.exe	98
5276	2136	WerFault.exe	162
2128	2848	WerFault.exe	34
5252	2560	WerFault.exe	130
5216	1144	WerFault.exe	164
6128	2412	WerFault.exe	46
6140	2724	WerFault.exe	62
6112	2636	WerFault.exe	142
6080	1572	WerFault.exe	122
6068	2140	WerFault.exe	60
5996	2464	WerFault.exe	112
6688	2764	WerFault.exe	65
6644	448	WerFault.exe	97
6892	2352	WerFault.exe	101
6916	2856	WerFault.exe	105
6336	2624	WerFault.exe	154
6204	1520	WerFault.exe	79
6228	2580	WerFault.exe	73
6256	2176	WerFault.exe	75
6248	3052	WerFault.exe	119
6680	2804	WerFault.exe	125
6472	1880	WerFault.exe	80
5212	2204	WerFault.exe	86
6404	2152	WerFault.exe	114
6236	2080	WerFault.exe	82
6048	1548	WerFault.exe	84
6744	1612	WerFault.exe	72
7056	2780	WerFault.exe	132

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19269.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5178.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2982.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45667.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe
3028	Unicorn-58624.exe
2380	Unicorn-60845.exe
2164	Unicorn-59262.exe
2848	Unicorn-18827.exe
2252	Unicorn-48162.exe
2648	Unicorn-18918.exe
2908	Unicorn-55775.exe
3000	Unicorn-51774.exe
1692	Unicorn-23740.exe
1276	Unicorn-12879.exe
1484	Unicorn-43506.exe
2144	Unicorn-53455.exe
1844	Unicorn-49636.exe
1924	Unicorn-63211.exe
1308	Unicorn-64602.exe
2412	Unicorn-25215.exe
2840	Unicorn-50351.exe
1592	Unicorn-56381.exe
2004	Unicorn-9226.exe
1288	Unicorn-31785.exe
864	Unicorn-52760.exe
2564	Unicorn-63695.exe
2016	Unicorn-44592.exe
1716	Unicorn-21479.exe
1556	Unicorn-7088.exe
916	Unicorn-1613.exe
2724	Unicorn-52973.exe
2872	Unicorn-35821.exe
2588	Unicorn-6294.exe
2764	Unicorn-63398.exe
3048	Unicorn-28853.exe
1488	Unicorn-34618.exe
1336	Unicorn-10954.exe
1120	Unicorn-2272.exe
1136	Unicorn-39443.exe
1972	Unicorn-15038.exe
2580	Unicorn-56186.exe
556	Unicorn-65116.exe
2176	Unicorn-10248.exe
2980	Unicorn-48588.exe
1612	Unicorn-62978.exe
2456	Unicorn-13777.exe
1520	Unicorn-65016.exe
1880	Unicorn-6085.exe
2340	Unicorn-5178.exe
2080	Unicorn-57140.exe
3068	Unicorn-44118.exe
2204	Unicorn-21514.exe
1092	Unicorn-55749.exe
2264	Unicorn-41380.exe
1188	Unicorn-41380.exe
2744	Unicorn-35250.exe
1548	Unicorn-10077.exe
1840	Unicorn-16684.exe
1976	Unicorn-6932.exe
2020	Unicorn-49356.exe
1980	Unicorn-1531.exe
1648	Unicorn-45272.exe
2660	Unicorn-9646.exe
2268	Unicorn-17260.exe
448	Unicorn-26803.exe
2432	Unicorn-35734.exe
2460	Unicorn-6953.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 3028	2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe	30
PID 2388 wrote to memory of 3028	2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe	30
PID 2388 wrote to memory of 3028	2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe	30
PID 2388 wrote to memory of 3028	2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe	30
PID 2388 wrote to memory of 2164	2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe	32
PID 2388 wrote to memory of 2164	2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe	32
PID 2388 wrote to memory of 2164	2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe	32
PID 2388 wrote to memory of 2164	2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe	32
PID 3028 wrote to memory of 2380	3028	Unicorn-58624.exe	31
PID 3028 wrote to memory of 2380	3028	Unicorn-58624.exe	31
PID 3028 wrote to memory of 2380	3028	Unicorn-58624.exe	31
PID 3028 wrote to memory of 2380	3028	Unicorn-58624.exe	31
PID 2380 wrote to memory of 2848	2380	Unicorn-60845.exe	34
PID 2380 wrote to memory of 2848	2380	Unicorn-60845.exe	34
PID 2380 wrote to memory of 2848	2380	Unicorn-60845.exe	34
PID 2380 wrote to memory of 2848	2380	Unicorn-60845.exe	34
PID 3028 wrote to memory of 2252	3028	Unicorn-58624.exe	35
PID 3028 wrote to memory of 2252	3028	Unicorn-58624.exe	35
PID 3028 wrote to memory of 2252	3028	Unicorn-58624.exe	35
PID 3028 wrote to memory of 2252	3028	Unicorn-58624.exe	35
PID 2164 wrote to memory of 2908	2164	Unicorn-59262.exe	36
PID 2164 wrote to memory of 2908	2164	Unicorn-59262.exe	36
PID 2164 wrote to memory of 2908	2164	Unicorn-59262.exe	36
PID 2164 wrote to memory of 2908	2164	Unicorn-59262.exe	36
PID 2388 wrote to memory of 2648	2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe	37
PID 2388 wrote to memory of 2648	2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe	37
PID 2388 wrote to memory of 2648	2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe	37
PID 2388 wrote to memory of 2648	2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe	37
PID 2848 wrote to memory of 3000	2848	Unicorn-18827.exe	38
PID 2848 wrote to memory of 3000	2848	Unicorn-18827.exe	38
PID 2848 wrote to memory of 3000	2848	Unicorn-18827.exe	38
PID 2848 wrote to memory of 3000	2848	Unicorn-18827.exe	38
PID 2380 wrote to memory of 1692	2380	Unicorn-60845.exe	39
PID 2380 wrote to memory of 1692	2380	Unicorn-60845.exe	39
PID 2380 wrote to memory of 1692	2380	Unicorn-60845.exe	39
PID 2380 wrote to memory of 1692	2380	Unicorn-60845.exe	39
PID 2252 wrote to memory of 1276	2252	Unicorn-48162.exe	40
PID 2252 wrote to memory of 1276	2252	Unicorn-48162.exe	40
PID 2252 wrote to memory of 1276	2252	Unicorn-48162.exe	40
PID 2252 wrote to memory of 1276	2252	Unicorn-48162.exe	40
PID 2648 wrote to memory of 1844	2648	Unicorn-18918.exe	42
PID 2648 wrote to memory of 1844	2648	Unicorn-18918.exe	42
PID 2648 wrote to memory of 1844	2648	Unicorn-18918.exe	42
PID 2648 wrote to memory of 1844	2648	Unicorn-18918.exe	42
PID 3028 wrote to memory of 1484	3028	Unicorn-58624.exe	41
PID 3028 wrote to memory of 1484	3028	Unicorn-58624.exe	41
PID 3028 wrote to memory of 1484	3028	Unicorn-58624.exe	41
PID 3028 wrote to memory of 1484	3028	Unicorn-58624.exe	41
PID 2388 wrote to memory of 2144	2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe	43
PID 2388 wrote to memory of 2144	2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe	43
PID 2388 wrote to memory of 2144	2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe	43
PID 2388 wrote to memory of 2144	2388	4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe	43
PID 2164 wrote to memory of 1924	2164	Unicorn-59262.exe	44
PID 2164 wrote to memory of 1924	2164	Unicorn-59262.exe	44
PID 2164 wrote to memory of 1924	2164	Unicorn-59262.exe	44
PID 2164 wrote to memory of 1924	2164	Unicorn-59262.exe	44
PID 2908 wrote to memory of 1308	2908	Unicorn-55775.exe	45
PID 2908 wrote to memory of 1308	2908	Unicorn-55775.exe	45
PID 2908 wrote to memory of 1308	2908	Unicorn-55775.exe	45
PID 2908 wrote to memory of 1308	2908	Unicorn-55775.exe	45
PID 1692 wrote to memory of 2412	1692	Unicorn-23740.exe	46
PID 1692 wrote to memory of 2412	1692	Unicorn-23740.exe	46
PID 1692 wrote to memory of 2412	1692	Unicorn-23740.exe	46
PID 1692 wrote to memory of 2412	1692	Unicorn-23740.exe	46

C:\Users\Admin\AppData\Local\Temp\4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe
"C:\Users\Admin\AppData\Local\Temp\4872fcb972d1a8ea61cb8886cd517984f475b621d8595b7d53af4b761fd7c307N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51774.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31785.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10077.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
        8⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
        9⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54706.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        8⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        8⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        8⤵
        Program crash
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
        7⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50802.exe
        8⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
        7⤵
        Program crash
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        7⤵
        Program crash
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4414.exe
        6⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
        7⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        7⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18641.exe
        7⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30003.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12870.exe
        6⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        6⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
        6⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9003.exe
        6⤵
        
        PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52760.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 240
        6⤵
        Program crash
        
        PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
        6⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
        7⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 216
        7⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54706.exe
        6⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        6⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
        6⤵
        Program crash
        
        PID:6472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
        5⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50335.exe
        6⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
        6⤵
        
        PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        5⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        5⤵
        
        PID:4564
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        5⤵
        Program crash
        
        PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52973.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41380.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40560.exe
        8⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60181.exe
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        9⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
        9⤵
        Program crash
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        8⤵
        Program crash
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15204.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
        8⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50802.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59697.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
        7⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
        7⤵
        Program crash
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21514.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2397.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34357.exe
        8⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        7⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        7⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60791.exe
        7⤵
        
        PID:484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 220
        7⤵
        Program crash
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47798.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        7⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9852.exe
        7⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21753.exe
        6⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
        6⤵
        
        PID:4796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
        6⤵
        Program crash
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35821.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41380.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        7⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        8⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35597.exe
        8⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        8⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54322.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        8⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        8⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        7⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        7⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        7⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 236
        7⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46953.exe
        6⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36993.exe
        7⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
        7⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
        6⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        6⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        6⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35250.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        6⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 220
        7⤵
        Program crash
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26931.exe
        6⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
        6⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20066.exe
        5⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26734.exe
        6⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        6⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8102.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17845.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22267.exe
        5⤵
        
        PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
        5⤵
        
        PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50351.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42615.exe
        7⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        8⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        8⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        8⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35597.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52852.exe
        8⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        7⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41658.exe
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53828.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        7⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2329.exe
        6⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9034.exe
        7⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        7⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35597.exe
        7⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        7⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29079.exe
        6⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        7⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
        7⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22579.exe
        6⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32992.exe
        6⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49544.exe
        6⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
        6⤵
        
        PID:7648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        6⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        7⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        7⤵
        Program crash
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65147.exe
        6⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
        7⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
        6⤵
        
        PID:4880
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 216
        6⤵
        Program crash
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46023.exe
        5⤵
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
        6⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        6⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-167.exe
        6⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
        6⤵
        
        PID:6960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
        6⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19210.exe
        5⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6648.exe
        5⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        5⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
        5⤵
        
        PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33507.exe
        5⤵
        
        PID:8056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15012.exe
        6⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10046.exe
        7⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        7⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
        7⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26038.exe
        7⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64814.exe
        7⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        6⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        6⤵
        
        PID:5092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
        6⤵
        Program crash
        
        PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28587.exe
        5⤵
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        6⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        6⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        6⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        6⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1793.exe
        6⤵
        
        PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22579.exe
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5772
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        5⤵
        Program crash
        
        PID:6688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1531.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
        5⤵
        Program crash
        
        PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43023.exe
      4⤵
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29782.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
        5⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42591.exe
        5⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        5⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47985.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11075.exe
      4⤵
      PID:3832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51184.exe
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55042.exe
      4⤵
      PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
      4⤵
      PID:8100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65116.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11696.exe
        7⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        8⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5534.exe
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        8⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35597.exe
        8⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        8⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 240
        7⤵
        Program crash
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        6⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61956.exe
        7⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5782.exe
        7⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
        7⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29079.exe
        6⤵
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22579.exe
        6⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
        6⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43322.exe
        6⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56683.exe
        6⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10248.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29896.exe
        6⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
        7⤵
        Program crash
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
        6⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        7⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 216
        7⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        6⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55861.exe
        6⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 216
        6⤵
        Program crash
        
        PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21627.exe
        5⤵
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51058.exe
        6⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        7⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
        7⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54130.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15185.exe
        6⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        6⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        6⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
        6⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28043.exe
        5⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        6⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51035.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4296
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
        6⤵
        Program crash
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56897.exe
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61387.exe
        5⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
        5⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40741.exe
        5⤵
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
        5⤵
        
        PID:7612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44592.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14929.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5474.exe
        7⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60181.exe
        8⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 216
        8⤵
        Program crash
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9852.exe
        8⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        7⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56048.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
        7⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        6⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
        7⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 216
        7⤵
        Program crash
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
        6⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22579.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4980.exe
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
        6⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
        6⤵
        
        PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
        5⤵
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48837.exe
        6⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exe
        7⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
        8⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        7⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 220
        7⤵
        Program crash
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56048.exe
        6⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59858.exe
        6⤵
        
        PID:6988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 236
        6⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48929.exe
        5⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7135.exe
        6⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39716.exe
        6⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        6⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe
        6⤵
        
        PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
        5⤵
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        5⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43099.exe
        5⤵
        
        PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
        5⤵
        
        PID:8076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64706.exe
        5⤵
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
        6⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18765.exe
        7⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        7⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        7⤵
        Program crash
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        6⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56048.exe
        6⤵
        
        PID:5944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        6⤵
        Program crash
        
        PID:6916
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 236
        5⤵
        Program crash
        
        PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27493.exe
      4⤵
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
        5⤵
        
        PID:496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        6⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36260.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        6⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4870.exe
        6⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
        5⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        5⤵
        
        PID:5052
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        5⤵
        Program crash
        
        PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
        5⤵
        
        PID:4232
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        5⤵
        Program crash
        
        PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
      4⤵
      PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29718.exe
        5⤵
        
        PID:8124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1122.exe
      4⤵
      PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46802.exe
      4⤵
      PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62303.exe
      4⤵
      PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
      4⤵
      PID:7704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43506.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21479.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57140.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10373.exe
        6⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6588.exe
        7⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        7⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        6⤵
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        6⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        6⤵
        
        PID:5836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 220
        6⤵
        Program crash
        
        PID:6236
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 216
        5⤵
        Program crash
        
        PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1092
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 240
        5⤵
        Program crash
        
        PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64305.exe
      4⤵
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50067.exe
        5⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        5⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        5⤵
        
        PID:5556
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
        5⤵
        Program crash
        
        PID:6680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
      4⤵
      PID:4068
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
      4⤵
      Program crash
      PID:5028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13045.exe
    3⤵
    - Executes dropped EXE
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62978.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
        5⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        6⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42738.exe
        7⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2153.exe
        6⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58164.exe
        6⤵
        
        PID:4956
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        6⤵
        Program crash
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
        5⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        6⤵
        
        PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55861.exe
        5⤵
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5736
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 216
        5⤵
        Program crash
        
        PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26174.exe
      4⤵
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
        5⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16080.exe
        6⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58238.exe
        6⤵
        
        PID:7540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54322.exe
        5⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 220
        5⤵
        Program crash
        
        PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
      4⤵
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50906.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5782.exe
        5⤵
        
        PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
        5⤵
        
        PID:8064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8385.exe
      4⤵
      PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4780
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
      4⤵
      Program crash
      PID:6068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56186.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27566.exe
      4⤵
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53928.exe
        5⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        6⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
        6⤵
        
        PID:3648
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        5⤵
        Program crash
        
        PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26963.exe
      4⤵
      PID:3260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44471.exe
        5⤵
        
        PID:7336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2576.exe
      4⤵
      PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
      4⤵
      PID:5264
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
      4⤵
      Program crash
      PID:6228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
    3⤵
    PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53928.exe
      4⤵
      PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
        5⤵
        
        PID:8020
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 216
      4⤵
      Program crash
      PID:3376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
    3⤵
    PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
      4⤵
      PID:7500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
    3⤵
    PID:3452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
    3⤵
    PID:4960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29990.exe
    3⤵
    PID:5932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
    3⤵
    PID:6912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
    3⤵
    PID:7684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64602.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1308
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1704
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:1340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63211.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6481.exe
        7⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28436.exe
        8⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11535.exe
        7⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        7⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        7⤵
        Program crash
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34062.exe
        6⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54502.exe
        7⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39976.exe
        7⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
        6⤵
        
        PID:3984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 236
        6⤵
        Program crash
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
        5⤵
        Executes dropped EXE
        
        PID:304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
        6⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33594.exe
        7⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exe
        7⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        6⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        6⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
        6⤵
        
        PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22177.exe
        5⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        6⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
        6⤵
        
        PID:7880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47196.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62272.exe
        5⤵
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40736.exe
        5⤵
        
        PID:7620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2272.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6953.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
        6⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15666.exe
        7⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
        7⤵
        Program crash
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
        6⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        6⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6032.exe
        6⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2982.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
        6⤵
        
        PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        5⤵
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58946.exe
        6⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55194.exe
        6⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        6⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1964.exe
        6⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61005.exe
        6⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        5⤵
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9257.exe
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        5⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
        5⤵
        
        PID:7760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
      4⤵
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28033.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45791.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        6⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54926.exe
        6⤵
        
        PID:5788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
        6⤵
        Program crash
        
        PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
        5⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56048.exe
        5⤵
        
        PID:5968
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 220
        5⤵
        Program crash
        
        PID:6892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
      4⤵
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        5⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        5⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5782.exe
        5⤵
        
        PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
        5⤵
        
        PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
      4⤵
      PID:1036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62915.exe
      4⤵
      PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
      4⤵
      PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45079.exe
      4⤵
      PID:6432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31955.exe
      4⤵
      PID:7820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28853.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45272.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30986.exe
        6⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
        7⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50802.exe
        7⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        6⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        6⤵
        
        PID:4728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
        6⤵
        Program crash
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21234.exe
        5⤵
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        6⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8674.exe
        6⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59697.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55861.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        5⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        5⤵
        
        PID:7120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        5⤵
        
        PID:7552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9646.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52537.exe
        5⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
        6⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
        7⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        6⤵
        
        PID:4680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 220
        6⤵
        Program crash
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10108.exe
        5⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35214.exe
        5⤵
        
        PID:4732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59317.exe
        5⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
        5⤵
        
        PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48278.exe
        5⤵
        
        PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11404.exe
      4⤵
      PID:324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
        5⤵
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        5⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5782.exe
        5⤵
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
        5⤵
        
        PID:8080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
      4⤵
      PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17466.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
      4⤵
      PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16457.exe
      4⤵
      PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
      4⤵
      PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30986.exe
        5⤵
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3874.exe
        6⤵
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52831.exe
        6⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        5⤵
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        5⤵
        
        PID:4612
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
        5⤵
        Program crash
        
        PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
      4⤵
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        5⤵
        
        PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50802.exe
        5⤵
        
        PID:7772
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
      4⤵
      Program crash
      PID:3692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26803.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48453.exe
      4⤵
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        5⤵
        
        PID:4888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        5⤵
        Program crash
        
        PID:5252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
      4⤵
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
      4⤵
      PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
      4⤵
      PID:5892
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 220
      4⤵
      Program crash
      PID:6644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
    3⤵
    PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
      4⤵
      PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23968.exe
        5⤵
        
        PID:7936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2153.exe
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
      4⤵
      PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
      4⤵
      PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
      4⤵
      PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
      4⤵
      PID:7504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51257.exe
    3⤵
    PID:3392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
    3⤵
    PID:3100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
    3⤵
    PID:4984
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
    3⤵
    - Program crash
    PID:5916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18918.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18918.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49636.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49636.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1844
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48588.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
        5⤵
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10373.exe
        6⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9852.exe
        7⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        6⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        6⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26931.exe
        6⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
        6⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
        5⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
        6⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exe
        6⤵
        
        PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2904.exe
        5⤵
        
        PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        5⤵
        
        PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26732.exe
        5⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        5⤵
        
        PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
      4⤵
      PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59605.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        5⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        5⤵
        
        PID:5536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
        5⤵
        Program crash
        
        PID:6248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
      4⤵
      PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21535.exe
      4⤵
      PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51984.exe
      4⤵
      PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
      4⤵
      PID:8188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
      4⤵
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        5⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3251.exe
        6⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45218.exe
        6⤵
        
        PID:8004
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 216
        5⤵
        Program crash
        
        PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-466.exe
      4⤵
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51082.exe
        5⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        5⤵
        
        PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
      4⤵
      PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
      4⤵
      PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
      4⤵
      PID:5472
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
      4⤵
      Program crash
      PID:6204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
    3⤵
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53928.exe
      4⤵
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
        5⤵
        
        PID:7252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2153.exe
      4⤵
      PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
      4⤵
      PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
      4⤵
      PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45201.exe
      4⤵
      PID:7508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
    3⤵
    PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
      4⤵
      PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exe
      4⤵
      PID:7664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62090.exe
    3⤵
    PID:3940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe
    3⤵
    PID:4916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
    3⤵
    PID:5448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
    3⤵
    PID:6392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39601.exe
    3⤵
    PID:7232
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2144
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63695.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63695.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50316.exe
      4⤵
      PID:2332
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
        5⤵
        Program crash
        
        PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
      4⤵
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        5⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5534.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        5⤵
        
        PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35597.exe
        5⤵
        
        PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        5⤵
        
        PID:7360
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
      4⤵
      Program crash
      PID:3660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48925.exe
    3⤵
    PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36092.exe
      4⤵
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
        5⤵
        
        PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37049.exe
        5⤵
        
        PID:6956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44016.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3876
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
      4⤵
      Program crash
      PID:4288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22177.exe
    3⤵
    PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17258.exe
      4⤵
      PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
      4⤵
      PID:7776
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
    3⤵
    - Program crash
    PID:3312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44118.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44118.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
    3⤵
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40693.exe
      4⤵
      PID:6808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6048.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
    3⤵
    PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
      4⤵
      PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
      4⤵
      PID:8244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
    3⤵
    PID:5084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10931.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10931.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
    3⤵
    PID:6720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
    3⤵
    PID:7700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18070.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18070.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42582.exe
    3⤵
    PID:6172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
    3⤵
    PID:5876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
    3⤵
    PID:7268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35813.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35813.exe
  2⤵
  PID:2720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
  2⤵
  PID:3412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
  2⤵
  PID:6672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7624.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7624.exe
  2⤵
  PID:7716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11075.exe

Filesize
468KB

MD5
fd927cb55b9336eccc545f795a9df483

SHA1
48613b26898259c9401355aad26dddd7a7d32a16

SHA256
9f2e44ccd1d3bec59a140aaf92d69bb65bb6a479fad52e4e62f6e389b996bd9c

SHA512
028c3d7ccebbdfcc399eaa0d2be6f852c390fcaa5ceba712dae657de85f529617c512ec4d7beb04909d52f48becea12a31ec7f519a3e7d605e3b7fd4443460b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe

Filesize
468KB

MD5
b40c00cbc48bb2edcac5509e4118231c

SHA1
2d1332de9ef2141e86a42a2736d279171ad97771

SHA256
c1aca79e40c9351a5cc9dd9ef6320de137ed2f24b3bcf784ba488326675f9498

SHA512
c9ee3612806803f16191fb61c4cf670f414c19eea5abb70f218a8506b184a96cb12247c2c55ea2fb5b5804c20ca1227277bfc701cf67bf3c2434e5fbd02a6d63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17258.exe

Filesize
468KB

MD5
10a25cad3a732603f5c24a5e07bdfb40

SHA1
287d93b1d8b22333685e634db2f2d76da73e0ce8

SHA256
9d65648311d8453610c99735f6999b6e505fdd08740a4fda65a4763c961f88f8

SHA512
6f9b9d88cc87e6a25d8dc29e2047943e4c43e2aa2e5af90f2151bf74a689385bbc4ee4fa9eda4f84bfef2fec5b378eb53da0752f6229161af7975849fb9a8bcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe

Filesize
468KB

MD5
c1be81fb13eb7b8840dee302dab22299

SHA1
deb63ed3f29f523b6dd8492346bdd1045b7ccdc6

SHA256
9473737676c8d80cc228f1d9f6246f4e7538a21442b51b539a543287c0eeb5d7

SHA512
4efa1552c8047526c94f03090468b8b47e252f0888e2f49dfbde59f236b105a7237cf2243777298d4a85602f409fc4d7a8f3c7448d1abe5e73ef172cf5297155

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18918.exe

Filesize
468KB

MD5
db3776bd4c66d4c4db145f2e365647aa

SHA1
5f2a16dffea42cdca3ba962120ebc829833384dd

SHA256
defebf087be34ad8f5e6a8f9abb8466bace88ebec46ec96988be8cb3d22727e5

SHA512
067c8e4c56bb6f22ee6e16318631cba16ca8165e53a67285c1382e7601d3b50dae9aa0df2eda24229505caaa365c86ab625b4e74dcea4486ebb4ef711acade3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe

Filesize
468KB

MD5
2ebf4cf73e5b2c86bf64b9cf150fb72f

SHA1
a72eb9f7d897b2aebd3ca04079d910ff34d9f4ae

SHA256
089e1f15e7017549d3adf64751959c478a93913b6e935b0d93d5c155bc3ff255

SHA512
a9c0399994a3df0d0af9ed77899c8415fd3b358cf62c9df3e03a22ff24c462916ce49431ef8004c34e4b32ad07206aafef060df2955d06aae016b615439df849

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe

Filesize
468KB

MD5
28139e63f051ee3c613ac14f733e5c8d

SHA1
47d8e962a358f5e1b6367212a69b555f3a52cebe

SHA256
136aeab7ca4fa6e71d1e3013a56125a2f911e307c20570aaf58ab1f8ef07789b

SHA512
655bfec283ffc2fec0cd5ac5f68871c21cdb5adc837a5f493561ae90fd9478ddc03ad86f29a17389dfd0ad4770869ac1f9dec721f50c8cf450cb1d5616f0d006

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42738.exe

Filesize
468KB

MD5
e4b6f7b4eb1a20d8c31153114b1fcc13

SHA1
40d95a980b5b527730a87ae00b8991c738aa35b3

SHA256
85d83864c6c55f54a43e11c1bb620bef5b634c41a809001f6d3db8ebb1c479b5

SHA512
5e9ce0ebf9336f4fc2a40066dda90d9acd0d6f79ff9c3597ae8fea3671585cc6b84a07e6d096c0d03ba8521cf3aa7f97994bbad8dc5c92fe41b347174359578a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe

Filesize
468KB

MD5
40ffdc4f1bf8a0c553545e8aba51d393

SHA1
eecb2995f307c1dc18b35510a93df0314b3c3d05

SHA256
f96cb9a8ad94d7ec02167e234bce9f993ac0d0e1a2ed183d0b661a2cb38fa2ee

SHA512
772b05ed6abe3dba47a61b1c995ac434fb0b4b25d1f05026679d21246cc27a7bcb462d37d4a3277ae0deef27d59b84d0f7cf5541bd413f1a2975d0459d1da33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe

Filesize
468KB

MD5
eae4764fecab47334f91f7614e18a750

SHA1
3d8272d467395a14bd765ea5a9eca4e19dde2dfc

SHA256
830e65403b5a8716599b80a1e7679c13fa85e9f9d657cedab14a28417761ae3a

SHA512
d2941585557203ed1c043bab39d2a5b8a7398e484307aec8eabed8bcfb84c3106d74eeed0255d3da0d8cb8fe5272597b38a9498927cac4cfc5aa8a8785ac6488

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe

Filesize
468KB

MD5
ac064a8bc5577d09e4a5d82cc6d2e853

SHA1
df1ae072bdd13dc38be7b4c800ef2453b7e19acf

SHA256
0d288cc2dfa3f4fdef41f8dd27d1b839cd74ce7225bab1b45e10ef82994e9545

SHA512
afae08de904c6ebf31a0d0a117a2284fe11cbcf56e82b8e8c02d51875f64d89adedd642272719356d2c11d2add0e6c5323fee4116a7b8966a4b378edf7f66d16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5474.exe

Filesize
468KB

MD5
f292edd3f87b680097e61bdeb0ba5af9

SHA1
37fe4c96b9c0846bf847276838ff29c3e6c1f5a1

SHA256
33673cf671745d9efdbfa4c70fc68699ec77dca4eea4fe8fec9a9a404c3cbdfd

SHA512
ed303042f8d46224770028dfbb91717d1c7be51cc49e1a1f52127ff69ad71e31b1949da2ead361b8139b7bb51ff3941534b27cdbc9150f163e245e4847332c61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe

Filesize
468KB

MD5
376099158f4e20fafd6b8cbd4104488b

SHA1
5284161beba591cf2bd3fb7a7ae8189fc4905c20

SHA256
1db6a18de6a3eb083534cf809095e5aac54a7bf9f038763f69454b21915c25e8

SHA512
268b0b6c21e764292faf9dcbf84049fd3edb2050a5424e31f90ad82836a6333bf50372da4b60e43b0ccf29059cfcf273ec0835fe19c544804acde2836c8fc2e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64602.exe

Filesize
468KB

MD5
12e88dd34a6b7b786f01d40e5670ba19

SHA1
54b77806835c587d4470e25bf057cba56874b374

SHA256
5af07ca7b9e86470ce1e1a3327c66a8fd62dae1db7eb0240e70f2a2d7ca8b0d1

SHA512
a367e367547d598d755c2417f479e7c585cf65636fbb7921bdc2ff3bb56fccd2ea2622c4db771e80c40332f68ffceb6d290352635b552561f187d14756a7efb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe

Filesize
468KB

MD5
14d060268fd0b7a2005cef724f311639

SHA1
7ba0d7b306928808b21d9034a4adcaee22877792

SHA256
565ab7351252458f7c0303ec08e40f40defb7d6f1f4b8d621f0575f25907b61c

SHA512
21e84d3437c8442047b9563230c432d2c603412e61998e4f17499c4c177b8313193563e6ed47d589f9fb68b4dc06b1eeb15c242b0b5e45209e40412188adba35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8674.exe

Filesize
468KB

MD5
7a850ec53bed12dc058673d65a3ca523

SHA1
43330891a125ae8159324b84bd69ab9c82d831ae

SHA256
9e50c531891f06786786f50ec47946341e1e6185984b2babe39750e90f675a00

SHA512
272b1784984f7a795eafb0c4e051d3d1617ac785880498f9086ecdbcb77d53241b1151c21117d2764d8612edf234d3edae9900f0fdd4692e49edcc8475a305fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe

Filesize
468KB

MD5
73fdc2364de4fe86a4682d134866d116

SHA1
55669c4f0db92434c65cb4003c13f2616abf285e

SHA256
9310b453da153efed2c260af3f70f3bdfc070b31fc761cfe97a4f387282a067c

SHA512
627e1bcfc8425d8c036bc58077d1c6a300beed3a8de7945b27a3e272d9cba27b20c7ab1da6dfd78b1c52e0d3a10428470102c728b57d3ba97e8a3d6ebb676cb7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43506.exe

Filesize
468KB

MD5
30fe33795132d5af981d0ed8e0c2a0ee

SHA1
8d6ca36a37a6b1d78a7e9a00dfabec52286525d6

SHA256
76485b95cccf69e6d34fce4cd58e94178b4eeb8ac98c0635c7ef83b1523fa32d

SHA512
9d2ae75166b3d088bc2e8d9d42ac2c78bb0b02124cca3206a1f964d6db6ad98a02643f1b76f597a85548891bd94d38c4591a839a20eb2d01a0d8f2c4eb775965

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe

Filesize
468KB

MD5
79d5ebc4470ba8c3a5f08f053fb0a347

SHA1
7f78e5f13aeffbfd6d317f9d3ee347e13ed3d20b

SHA256
5fb4a32723532d9afd9ed01eef7bea6b90beb7cd5c8e3b509fefff1fea27e720

SHA512
5fc8eb06e9c645a9e0c3c5b2b3f94ebb737bff2a06e1e8a90bf2122f638698b4c7d24c59bbde56d01aee8bf984d856f2b2117fa031875ca5bde187771386ba7c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49636.exe

Filesize
468KB

MD5
a5b1cf7884866a6cda1a61430804b2fb

SHA1
6f85619f0c9a06e8b71657751b3fcdb9d3c1e869

SHA256
c0e63f30546c1f8aaea247152024803a688db77a6cc537ff2ce9cd1a566bf4cf

SHA512
d8ac4c003927de3c8dec4b86d7a1eb83fd943253e5786c93e0b22997aa0b8a0e22f43536ba5d992992b29e14bc1636c82bf378ed3bb3f623a887ceca1775bec9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50351.exe

Filesize
468KB

MD5
682e9751a8b5c77106dd923413d470ea

SHA1
10fa7c1225c30abbdec8964867ea5c4ba6e9f130

SHA256
0a9746dcc0b627d5f8a41e5c1824adab87247ebb538484804e1f6d6e846515fc

SHA512
c796bea40b36c9ed2575d98c1adc1821801095841f05c033f6071b9ab66d9fbaf77edf9c2bb2b050a282462d613b59a50364cbfb9fabc84bcc30d921869f8165

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51774.exe

Filesize
468KB

MD5
8e0fee6098efbf8def9e9e95d1b546af

SHA1
59c430316ddb3f5d10875879be5d8c9e81ddaee5

SHA256
f21b7c91c2f754f99cee57716e451e5a6852f4e0b4daac3386cbe70ff833558b

SHA512
8b69642e678e7fcd023fe9ccc75a68d363c2f5bd4ebc536442dd8bcd7f3a07661a553d6ef252e768ed25c2c46fc3a7d6bee36d77205ee7a9979ef38905097f3d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe

Filesize
468KB

MD5
0acd3c610fc052217a3035693550172d

SHA1
49f52c36d547826d9a042559ffd2f43e9741ed75

SHA256
fdcda64a4627b85c1f7d3f6bcf2206e8975bcac09ffa19d7e544dbfb94d5cfd1

SHA512
ae4f90a1c15a9927aab9c3d5ec05952962b83e9dafa21cab55b00fec03d5b5ff8c64a5b55257bccf79463d0bfb1446f760f2b456e54f853358f55521a7350162

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe

Filesize
468KB

MD5
46817d49cd7782978abe70abaa40cf12

SHA1
2eb649b5f9883cc6f2c591b628d44008e4d7f83b

SHA256
4e8fb5fc7cadb60765f916837a8ea73b08aa4fc205b47011d07c5cf3e03b871e

SHA512
2d576084db17fde324afb0d28e2f8f35207140eef6160deaf362f1c6a57ba4b1488885cd143fb146e3e69aadbf9f9c69c24b15b3ca0011bb593cf7f9d6f40a67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe

Filesize
468KB

MD5
c8ff56c4f2a13b3fc29f3a21573304ae

SHA1
8ae1551f7920a3c3e9a3a1a7c10048788127bc60

SHA256
53495aa53b55e3a0a689d65131c251cf3cd1818aed11682280845f7ed73a8937

SHA512
19563b8ad52169533aba6617c33f1f88feff9b1bd9f87f1965f8dccac04cde488bd73e0b12602efab4213caaa55c9ba555bfbfef277bb8e2bf751302c98b8202

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe

Filesize
468KB

MD5
812126cd48b7cb582104bf15abeb6f36

SHA1
2ec8876e813bad7ee9538a4084c9837193a8b05c

SHA256
5895ef9ec1c334c22cfc2def41483d493c1b100d144609b250150bedff8df984

SHA512
403d884cc76121f67987c3e122ef3c749003dae1a8c1244d0c34fb78795d3158f565b17cb47234a062e57c3f19e955dec2a86d4b6beb5af4f5297a547c955af3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63211.exe

Filesize
468KB

MD5
7bece21becc945eefb1274bbfa69e605

SHA1
27fc829911cf562cade2b8f285be2c69921e4514

SHA256
bf7766f1512cddf819edace355a6b03b2c8222e221f279765106fddcfc5cd691

SHA512
e9e77651defad8e5ea81e25f8ef1aa1015b6423291327dbc07e7d0f254414f029b1268d4accff6b2cc6b86e072d8ed516eb28ff36e4411db7e2b0110e19fb975

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe

Filesize
468KB

MD5
39f0f2b27cea4ee0bf1d88ebd1055083

SHA1
1fad674b810ac73bff68c361e04f846bea46b35d

SHA256
7b81fd15cdfdaa016831f83d15a7d1a84b696cfa7785d7a50cd18d52da79ef77

SHA512
47ef7e583bad12936fc608fbd57186bf8eef6214509718f6293dc6a509af550c870e3a3aae0503cccb4c166d66fd8fadcb87b1f38d4e13dee20ed10e3f7b0dd7

Download Submit
memory/864-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/916-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1120-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1136-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1276-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1276-303-0x00000000025B0000-0x0000000002625000-memory.dmp

Filesize
468KB

Download
memory/1276-309-0x00000000025B0000-0x0000000002625000-memory.dmp

Filesize
468KB

Download
memory/1288-246-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1308-178-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1336-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1484-289-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/1488-373-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1556-431-0x0000000002500000-0x0000000002575000-memory.dmp

Filesize
468KB

Download
memory/1592-361-0x0000000001CB0000-0x0000000001D25000-memory.dmp

Filesize
468KB

Download
memory/1592-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1592-359-0x0000000001CB0000-0x0000000001D25000-memory.dmp

Filesize
468KB

Download
memory/1612-412-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1692-198-0x00000000025B0000-0x0000000002625000-memory.dmp

Filesize
468KB

Download
memory/1692-195-0x00000000025B0000-0x0000000002625000-memory.dmp

Filesize
468KB

Download
memory/1692-333-0x00000000025B0000-0x0000000002625000-memory.dmp

Filesize
468KB

Download
memory/1692-327-0x00000000025B0000-0x0000000002625000-memory.dmp

Filesize
468KB

Download
memory/1716-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1844-154-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1924-228-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1924-223-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1924-180-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1972-402-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2004-381-0x0000000001C40000-0x0000000001CB5000-memory.dmp

Filesize
468KB

Download
memory/2004-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2004-382-0x0000000001C40000-0x0000000001CB5000-memory.dmp

Filesize
468KB

Download
memory/2016-400-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2016-401-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2016-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2140-410-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2140-305-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2144-155-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2164-368-0x0000000001C60000-0x0000000001CD5000-memory.dmp

Filesize
468KB

Download
memory/2164-414-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2164-230-0x0000000001C60000-0x0000000001CD5000-memory.dmp

Filesize
468KB

Download
memory/2164-176-0x0000000001C60000-0x0000000001CD5000-memory.dmp

Filesize
468KB

Download
memory/2164-372-0x0000000001C60000-0x0000000001CD5000-memory.dmp

Filesize
468KB

Download
memory/2164-163-0x0000000001C60000-0x0000000001CD5000-memory.dmp

Filesize
468KB

Download
memory/2164-229-0x0000000001C60000-0x0000000001CD5000-memory.dmp

Filesize
468KB

Download
memory/2252-288-0x0000000002490000-0x0000000002505000-memory.dmp

Filesize
468KB

Download
memory/2252-269-0x0000000002490000-0x0000000002505000-memory.dmp

Filesize
468KB

Download
memory/2252-409-0x0000000002490000-0x0000000002505000-memory.dmp

Filesize
468KB

Download
memory/2252-69-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2252-408-0x0000000002490000-0x0000000002505000-memory.dmp

Filesize
468KB

Download
memory/2380-102-0x00000000007C0000-0x0000000000835000-memory.dmp

Filesize
468KB

Download
memory/2380-411-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2380-352-0x00000000007C0000-0x0000000000835000-memory.dmp

Filesize
468KB

Download
memory/2380-43-0x00000000007C0000-0x0000000000835000-memory.dmp

Filesize
468KB

Download
memory/2380-49-0x00000000007C0000-0x0000000000835000-memory.dmp

Filesize
468KB

Download
memory/2380-207-0x00000000007C0000-0x0000000000835000-memory.dmp

Filesize
468KB

Download
memory/2380-350-0x00000000007C0000-0x0000000000835000-memory.dmp

Filesize
468KB

Download
memory/2388-362-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2388-153-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2388-273-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2388-262-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2388-152-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2388-6-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2388-33-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2388-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2388-12-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2412-196-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2412-321-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2412-320-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2564-287-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2580-432-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2588-342-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2648-291-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/2648-84-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2648-151-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/2648-298-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/2648-150-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/2724-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2764-351-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2840-209-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2840-340-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2840-341-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2848-259-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/2848-433-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2848-95-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/2848-52-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2872-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2908-177-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2908-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2908-164-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3000-245-0x00000000024C0000-0x0000000002535000-memory.dmp

Filesize
468KB

Download
memory/3000-238-0x00000000024C0000-0x0000000002535000-memory.dmp

Filesize
468KB

Download
memory/3028-388-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3028-22-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3028-299-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3028-14-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3028-430-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3048-363-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download