81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916

Analysis

max time kernel
113s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe
Size

468KB
MD5

8f526019234f1eb48335f45131cc0460
SHA1

85463869ae78c33498f111f793e6107980f682eb
SHA256

81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916
SHA512

2dbf081c12f4833968d1daabcff5f65f7eba701253f07cd088f1d603b122fec161609bf9e4a0d665b1e3ce0148c55895959cc72a3b9e174e19e858eb8cceab3f
SSDEEP

3072:tqYnowL5My8U6bYqfz5Vff5ECh5shpBnmHePVpgupInDcGjDqlZ:tq0oTLU6tf1VffYH34upGwGjD

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1892	Unicorn-34325.exe
3056	Unicorn-10687.exe
2496	Unicorn-6281.exe
2780	Unicorn-7125.exe
2628	Unicorn-607.exe
2660	Unicorn-64996.exe
2620	Unicorn-5589.exe
2468	Unicorn-28356.exe
2972	Unicorn-54126.exe
3036	Unicorn-9222.exe
2904	Unicorn-44722.exe
3004	Unicorn-51620.exe
3044	Unicorn-40172.exe
2248	Unicorn-40437.exe
1408	Unicorn-22875.exe
2064	Unicorn-37373.exe
912	Unicorn-22682.exe
624	Unicorn-2816.exe
1608	Unicorn-8871.exe
1720	Unicorn-58883.exe
1736	Unicorn-50616.exe
2564	Unicorn-62239.exe
2096	Unicorn-2832.exe
1852	Unicorn-2832.exe
1120	Unicorn-564.exe
1744	Unicorn-20430.exe
980	Unicorn-20430.exe
1912	Unicorn-59656.exe
1588	Unicorn-59921.exe
2708	Unicorn-4285.exe
2484	Unicorn-15220.exe
2776	Unicorn-34504.exe
2216	Unicorn-20284.exe
3048	Unicorn-55609.exe
2736	Unicorn-24124.exe
2696	Unicorn-24639.exe
1016	Unicorn-57887.exe
1916	Unicorn-51757.exe
868	Unicorn-11893.exe
2948	Unicorn-23606.exe
2968	Unicorn-23871.exe
1696	Unicorn-4005.exe
2364	Unicorn-46843.exe
2424	Unicorn-31676.exe
2600	Unicorn-40129.exe
1760	Unicorn-56045.exe
1596	Unicorn-21488.exe
1680	Unicorn-41354.exe
468	Unicorn-7440.exe
948	Unicorn-32906.exe
2120	Unicorn-44307.exe
976	Unicorn-58078.exe
876	Unicorn-64208.exe
1528	Unicorn-55966.exe
2472	Unicorn-9750.exe
2764	Unicorn-62672.exe
2852	Unicorn-25485.exe
2844	Unicorn-34416.exe
2824	Unicorn-14550.exe
2636	Unicorn-33927.exe
2664	Unicorn-51717.exe
2960	Unicorn-44551.exe
2840	Unicorn-6730.exe
1800	Unicorn-31204.exe

Loads dropped DLL 64 IoCs

pid	Process
2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe
2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe
1892	Unicorn-34325.exe
2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe
2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe
1892	Unicorn-34325.exe
3056	Unicorn-10687.exe
3056	Unicorn-10687.exe
1892	Unicorn-34325.exe
1892	Unicorn-34325.exe
2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe
2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe
2496	Unicorn-6281.exe
2496	Unicorn-6281.exe
2780	Unicorn-7125.exe
2780	Unicorn-7125.exe
3056	Unicorn-10687.exe
3056	Unicorn-10687.exe
2628	Unicorn-607.exe
2628	Unicorn-607.exe
1892	Unicorn-34325.exe
1892	Unicorn-34325.exe
2660	Unicorn-64996.exe
2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe
2660	Unicorn-64996.exe
2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe
2620	Unicorn-5589.exe
2620	Unicorn-5589.exe
2496	Unicorn-6281.exe
2496	Unicorn-6281.exe
2468	Unicorn-28356.exe
2468	Unicorn-28356.exe
2972	Unicorn-54126.exe
2972	Unicorn-54126.exe
2780	Unicorn-7125.exe
2780	Unicorn-7125.exe
3056	Unicorn-10687.exe
3056	Unicorn-10687.exe
3036	Unicorn-9222.exe
3036	Unicorn-9222.exe
2628	Unicorn-607.exe
2628	Unicorn-607.exe
2496	Unicorn-6281.exe
2248	Unicorn-40437.exe
1408	Unicorn-22875.exe
2248	Unicorn-40437.exe
2496	Unicorn-6281.exe
1408	Unicorn-22875.exe
2620	Unicorn-5589.exe
3004	Unicorn-51620.exe
2904	Unicorn-44722.exe
3004	Unicorn-51620.exe
2620	Unicorn-5589.exe
2904	Unicorn-44722.exe
1892	Unicorn-34325.exe
3044	Unicorn-40172.exe
3044	Unicorn-40172.exe
1892	Unicorn-34325.exe
2660	Unicorn-64996.exe
2660	Unicorn-64996.exe
2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe
2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe
912	Unicorn-22682.exe
912	Unicorn-22682.exe

Program crash 10 IoCs

pid	pid_target	Process	procid_target
6444	5476	WerFault.exe	448
6428	5924	WerFault.exe	482
6436	5848	WerFault.exe	474
6480	5412	WerFault.exe	443
6520	5800	WerFault.exe	471
6544	6012	WerFault.exe	488
6612	6024	WerFault.exe	490
6600	5492	WerFault.exe	449
6588	5680	WerFault.exe	463
6572	5620	WerFault.exe	455

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51268.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36568.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38412.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4548.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51268.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8549.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61950.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4268.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48624.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe
1892	Unicorn-34325.exe
3056	Unicorn-10687.exe
2496	Unicorn-6281.exe
2780	Unicorn-7125.exe
2628	Unicorn-607.exe
2660	Unicorn-64996.exe
2620	Unicorn-5589.exe
2468	Unicorn-28356.exe
2972	Unicorn-54126.exe
3036	Unicorn-9222.exe
2904	Unicorn-44722.exe
3004	Unicorn-51620.exe
2248	Unicorn-40437.exe
3044	Unicorn-40172.exe
1408	Unicorn-22875.exe
2064	Unicorn-37373.exe
912	Unicorn-22682.exe
624	Unicorn-2816.exe
1608	Unicorn-8871.exe
1720	Unicorn-58883.exe
1736	Unicorn-50616.exe
2564	Unicorn-62239.exe
980	Unicorn-20430.exe
2708	Unicorn-4285.exe
1120	Unicorn-564.exe
1912	Unicorn-59656.exe
1744	Unicorn-20430.exe
2484	Unicorn-15220.exe
1852	Unicorn-2832.exe
2096	Unicorn-2832.exe
1588	Unicorn-59921.exe
2776	Unicorn-34504.exe
2216	Unicorn-20284.exe
2736	Unicorn-24124.exe
3048	Unicorn-55609.exe
1016	Unicorn-57887.exe
868	Unicorn-11893.exe
2696	Unicorn-24639.exe
1916	Unicorn-51757.exe
2948	Unicorn-23606.exe
2968	Unicorn-23871.exe
1696	Unicorn-4005.exe
2364	Unicorn-46843.exe
2424	Unicorn-31676.exe
2600	Unicorn-40129.exe
1760	Unicorn-56045.exe
1596	Unicorn-21488.exe
1680	Unicorn-41354.exe
468	Unicorn-7440.exe
948	Unicorn-32906.exe
976	Unicorn-58078.exe
876	Unicorn-64208.exe
2120	Unicorn-44307.exe
1528	Unicorn-55966.exe
2472	Unicorn-9750.exe
2764	Unicorn-62672.exe
2852	Unicorn-25485.exe
2844	Unicorn-34416.exe
2636	Unicorn-33927.exe
2824	Unicorn-14550.exe
2664	Unicorn-51717.exe
2960	Unicorn-44551.exe
2840	Unicorn-6730.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 1892	2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe	31
PID 2332 wrote to memory of 1892	2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe	31
PID 2332 wrote to memory of 1892	2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe	31
PID 2332 wrote to memory of 1892	2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe	31
PID 2332 wrote to memory of 2496	2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe	33
PID 2332 wrote to memory of 2496	2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe	33
PID 2332 wrote to memory of 2496	2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe	33
PID 2332 wrote to memory of 2496	2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe	33
PID 1892 wrote to memory of 3056	1892	Unicorn-34325.exe	32
PID 1892 wrote to memory of 3056	1892	Unicorn-34325.exe	32
PID 1892 wrote to memory of 3056	1892	Unicorn-34325.exe	32
PID 1892 wrote to memory of 3056	1892	Unicorn-34325.exe	32
PID 3056 wrote to memory of 2780	3056	Unicorn-10687.exe	34
PID 3056 wrote to memory of 2780	3056	Unicorn-10687.exe	34
PID 3056 wrote to memory of 2780	3056	Unicorn-10687.exe	34
PID 3056 wrote to memory of 2780	3056	Unicorn-10687.exe	34
PID 1892 wrote to memory of 2628	1892	Unicorn-34325.exe	35
PID 1892 wrote to memory of 2628	1892	Unicorn-34325.exe	35
PID 1892 wrote to memory of 2628	1892	Unicorn-34325.exe	35
PID 1892 wrote to memory of 2628	1892	Unicorn-34325.exe	35
PID 2332 wrote to memory of 2660	2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe	36
PID 2332 wrote to memory of 2660	2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe	36
PID 2332 wrote to memory of 2660	2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe	36
PID 2332 wrote to memory of 2660	2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe	36
PID 2496 wrote to memory of 2620	2496	Unicorn-6281.exe	37
PID 2496 wrote to memory of 2620	2496	Unicorn-6281.exe	37
PID 2496 wrote to memory of 2620	2496	Unicorn-6281.exe	37
PID 2496 wrote to memory of 2620	2496	Unicorn-6281.exe	37
PID 2780 wrote to memory of 2468	2780	Unicorn-7125.exe	38
PID 2780 wrote to memory of 2468	2780	Unicorn-7125.exe	38
PID 2780 wrote to memory of 2468	2780	Unicorn-7125.exe	38
PID 2780 wrote to memory of 2468	2780	Unicorn-7125.exe	38
PID 3056 wrote to memory of 2972	3056	Unicorn-10687.exe	39
PID 3056 wrote to memory of 2972	3056	Unicorn-10687.exe	39
PID 3056 wrote to memory of 2972	3056	Unicorn-10687.exe	39
PID 3056 wrote to memory of 2972	3056	Unicorn-10687.exe	39
PID 2628 wrote to memory of 3036	2628	Unicorn-607.exe	40
PID 2628 wrote to memory of 3036	2628	Unicorn-607.exe	40
PID 2628 wrote to memory of 3036	2628	Unicorn-607.exe	40
PID 2628 wrote to memory of 3036	2628	Unicorn-607.exe	40
PID 1892 wrote to memory of 2904	1892	Unicorn-34325.exe	41
PID 1892 wrote to memory of 2904	1892	Unicorn-34325.exe	41
PID 1892 wrote to memory of 2904	1892	Unicorn-34325.exe	41
PID 1892 wrote to memory of 2904	1892	Unicorn-34325.exe	41
PID 2660 wrote to memory of 3004	2660	Unicorn-64996.exe	42
PID 2660 wrote to memory of 3004	2660	Unicorn-64996.exe	42
PID 2660 wrote to memory of 3004	2660	Unicorn-64996.exe	42
PID 2660 wrote to memory of 3004	2660	Unicorn-64996.exe	42
PID 2332 wrote to memory of 3044	2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe	43
PID 2332 wrote to memory of 3044	2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe	43
PID 2332 wrote to memory of 3044	2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe	43
PID 2332 wrote to memory of 3044	2332	81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe	43
PID 2620 wrote to memory of 2248	2620	Unicorn-5589.exe	44
PID 2620 wrote to memory of 2248	2620	Unicorn-5589.exe	44
PID 2620 wrote to memory of 2248	2620	Unicorn-5589.exe	44
PID 2620 wrote to memory of 2248	2620	Unicorn-5589.exe	44
PID 2496 wrote to memory of 1408	2496	Unicorn-6281.exe	45
PID 2496 wrote to memory of 1408	2496	Unicorn-6281.exe	45
PID 2496 wrote to memory of 1408	2496	Unicorn-6281.exe	45
PID 2496 wrote to memory of 1408	2496	Unicorn-6281.exe	45
PID 2468 wrote to memory of 2064	2468	Unicorn-28356.exe	47
PID 2468 wrote to memory of 2064	2468	Unicorn-28356.exe	47
PID 2468 wrote to memory of 2064	2468	Unicorn-28356.exe	47
PID 2468 wrote to memory of 2064	2468	Unicorn-28356.exe	47

C:\Users\Admin\AppData\Local\Temp\81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe
"C:\Users\Admin\AppData\Local\Temp\81596efd0213a5520464ff094add8c25fb5972e4c8ba84e2616f79243f19a916N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34325.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34325.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7125.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55609.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        8⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        9⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31667.exe
        9⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        9⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 188
        10⤵
        Program crash
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
        8⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        8⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
        8⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
        7⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28094.exe
        7⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
        7⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        8⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        8⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        8⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        7⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1248.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61637.exe
        7⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35497.exe
        6⤵
        
        PID:740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37967.exe
        6⤵
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
        6⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26067.exe
        6⤵
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
        6⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2816.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40859.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49545.exe
        8⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63482.exe
        8⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        8⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47495.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        7⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        7⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44979.exe
        6⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1232.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        7⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
        7⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        7⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61599.exe
        6⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
        6⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29746.exe
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
        6⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51757.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40859.exe
        6⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        7⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
        7⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
        7⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14039.exe
        6⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52937.exe
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        6⤵
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
        5⤵
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
        6⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        6⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        6⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        6⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11845.exe
        5⤵
        
        PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44884.exe
        5⤵
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60261.exe
        5⤵
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
        5⤵
        
        PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54126.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22682.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34504.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44551.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        8⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        9⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 188
        10⤵
        Program crash
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        8⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
        8⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        8⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        7⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34630.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
        8⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 188
        9⤵
        Program crash
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        7⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28094.exe
        7⤵
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6730.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31538.exe
        7⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63482.exe
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
        7⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10882.exe
        6⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        6⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        6⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28433.exe
        6⤵
        
        PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20284.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31204.exe
        6⤵
        Executes dropped EXE
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        7⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
        7⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50174.exe
        6⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        6⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
        5⤵
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
        7⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        7⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42330.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
        6⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        6⤵
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60802.exe
        5⤵
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45563.exe
        6⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45729.exe
        6⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5128.exe
        5⤵
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        5⤵
        
        PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57887.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
        6⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3780.exe
        7⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
        7⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        7⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        6⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38412.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        6⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
        5⤵
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3484.exe
        6⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        6⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2948.exe
        5⤵
        
        PID:308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41264.exe
        5⤵
        
        PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23606.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
        5⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34880.exe
        6⤵
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
        6⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60862.exe
        6⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        6⤵
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7526.exe
        5⤵
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15171.exe
        5⤵
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        5⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28307.exe
        5⤵
        
        PID:6912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
      4⤵
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        5⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30894.exe
        5⤵
        
        PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
      4⤵
      PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61950.exe
      4⤵
      PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38730.exe
      4⤵
      PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1759.exe
      4⤵
      PID:5288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9222.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58883.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11893.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12410.exe
        7⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
        8⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        8⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
        8⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-910.exe
        7⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        7⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53679.exe
        7⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        7⤵
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10360.exe
        6⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
        7⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        7⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        7⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
        7⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8813.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
        6⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        6⤵
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4005.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        6⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        7⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        7⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        7⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        6⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        6⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        6⤵
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37339.exe
        5⤵
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        6⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        6⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 188
        7⤵
        Program crash
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39746.exe
        5⤵
        
        PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28433.exe
        5⤵
        
        PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50616.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23871.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        6⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        7⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19655.exe
        7⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59902.exe
        6⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57546.exe
        6⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42815.exe
        5⤵
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60668.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        6⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        6⤵
        
        PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        5⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27902.exe
        5⤵
        
        PID:5868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
        5⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        6⤵
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        6⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        6⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 188
        7⤵
        Program crash
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        5⤵
        
        PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        5⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53679.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27902.exe
        5⤵
        
        PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
        5⤵
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        5⤵
        
        PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14201.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44884.exe
      4⤵
      PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44802.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
      4⤵
      PID:5140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62672.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        6⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36438.exe
        6⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3347.exe
        6⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        6⤵
        
        PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15171.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        5⤵
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28094.exe
        5⤵
        
        PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14550.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
        5⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        5⤵
        
        PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51246.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
      4⤵
      PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
      4⤵
      PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59656.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
      4⤵
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54268.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        5⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
        5⤵
        
        PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
        5⤵
        
        PID:6920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
      4⤵
      PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
      4⤵
      PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59731.exe
      4⤵
      PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
      4⤵
      PID:5716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29722.exe
        5⤵
        
        PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53897.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        5⤵
        
        PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4506.exe
      4⤵
      PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50174.exe
      4⤵
      PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
      4⤵
      PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
    3⤵
    PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48624.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63019.exe
      4⤵
      PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
      4⤵
      PID:5420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
    3⤵
    PID:3904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35281.exe
    3⤵
    PID:4236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
    3⤵
    PID:5860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5589.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5589.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61932.exe
        7⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49900.exe
        7⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        7⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        7⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29679.exe
        6⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
        6⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        6⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
        6⤵
        
        PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9750.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        6⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60806.exe
        7⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
        7⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20358.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        6⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        6⤵
        
        PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56551.exe
        5⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2466.exe
        6⤵
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        5⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        5⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        5⤵
        
        PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52256.exe
        6⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        6⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        6⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        5⤵
        
        PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
        5⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45014.exe
        5⤵
        
        PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8482.exe
        5⤵
        
        PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        5⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26408.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47127.exe
        6⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        6⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 188
        7⤵
        Program crash
        
        PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        5⤵
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        5⤵
        
        PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
      4⤵
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        5⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        5⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        5⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21300.exe
        5⤵
        
        PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52234.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44299.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
      4⤵
      PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
      4⤵
      PID:5016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22875.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10604.exe
        5⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        6⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        7⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
        7⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30702.exe
        7⤵
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
        6⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
        6⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        6⤵
        
        PID:5732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
        5⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31653.exe
        6⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
        6⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        6⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3515.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61420.exe
        5⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
        5⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        5⤵
        
        PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        5⤵
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        5⤵
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        5⤵
        
        PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5340.exe
      4⤵
      PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3963.exe
      4⤵
      PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
      4⤵
      PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59520.exe
      4⤵
      PID:5256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39192.exe
        5⤵
        
        PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        5⤵
        
        PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3347.exe
        5⤵
        
        PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        5⤵
        
        PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26913.exe
      4⤵
      PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
      4⤵
      PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28094.exe
      4⤵
      PID:5196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40129.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
      4⤵
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
        5⤵
        
        PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1436.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        5⤵
        
        PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
        5⤵
        
        PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25865.exe
      4⤵
      PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28902.exe
      4⤵
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
      4⤵
      PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
      4⤵
      PID:5664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
    3⤵
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
      4⤵
      PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
      4⤵
      PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
      4⤵
      PID:5800
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 188
        5⤵
        Program crash
        
        PID:6520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
    3⤵
    PID:1672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61950.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24231.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36854.exe
    3⤵
    PID:5792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64996.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64996.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51620.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56045.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5596.exe
        6⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        6⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3347.exe
        6⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
        6⤵
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42668.exe
        5⤵
        
        PID:824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        5⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
        5⤵
        
        PID:5292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        5⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
        6⤵
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20489.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4548.exe
        5⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45014.exe
        5⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
        5⤵
        
        PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
      4⤵
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38740.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10728.exe
        5⤵
        
        PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 188
        6⤵
        Program crash
        
        PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
      4⤵
      PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6204.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
      4⤵
      PID:5532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19028.exe
        5⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        6⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2075.exe
        6⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
        6⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        5⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9004.exe
        5⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        5⤵
        
        PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
      4⤵
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        5⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40376.exe
        5⤵
        
        PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14869.exe
      4⤵
      PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
      4⤵
      PID:6076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55966.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4476.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10046.exe
        5⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        5⤵
        
        PID:5412
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 188
        6⤵
        Program crash
        
        PID:6480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
      4⤵
      PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59082.exe
      4⤵
      PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
      4⤵
      PID:5156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28673.exe
    3⤵
    PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
      4⤵
      PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
      4⤵
      PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
      4⤵
      PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
      4⤵
      PID:5608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7026.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7026.exe
    3⤵
    PID:3888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
    3⤵
    PID:4392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
    3⤵
    PID:6108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        5⤵
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
        6⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        6⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        6⤵
        
        PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
        5⤵
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15171.exe
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        5⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12635.exe
        5⤵
        
        PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
      4⤵
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        5⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 188
        6⤵
        Program crash
        
        PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
      4⤵
      PID:3812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
      4⤵
      PID:1244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33927.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2696.exe
      4⤵
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
      4⤵
      PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31154.exe
      4⤵
      PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1190.exe
      4⤵
      PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
      4⤵
      PID:5904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
    3⤵
    PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29722.exe
      4⤵
      PID:900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34710.exe
      4⤵
      PID:1164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
      4⤵
      PID:5428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13011.exe
    3⤵
    PID:2416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
    3⤵
    PID:5316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
    3⤵
    PID:6092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15220.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41354.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41354.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29006.exe
      4⤵
      PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50485.exe
      4⤵
      PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
      4⤵
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
      4⤵
      PID:828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
    3⤵
    PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35133.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
      4⤵
      PID:5244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
    3⤵
    PID:4080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44431.exe
    3⤵
    PID:5392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7440.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7440.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64070.exe
    3⤵
    PID:2980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49900.exe
    3⤵
    PID:1684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
    3⤵
    PID:4264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
    3⤵
    PID:5452
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58742.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58742.exe
  2⤵
  PID:2232
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46004.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46004.exe
  2⤵
  PID:3308
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16267.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16267.exe
  2⤵
  PID:5076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22295.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22295.exe
  2⤵
  PID:5296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22682.exe

Filesize
468KB

MD5
e957b26b31cf20ac67a5ec6f5b18547e

SHA1
de0eb475fe76db983c7bc279e2ebf467516d17f6

SHA256
b52cf040d5fb11df66f9517f8a964859e290fc7e707a046cd0d1398d13fdfe2c

SHA512
59aaf8a8fbff55924800adf2d0a4f555028ff233eca3f7c6b46be8a9053eacae6a683cd1f3a3daf6a49b81b2c04f4d6ffadc23012de1711d7e37e7faeeba700b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe

Filesize
468KB

MD5
326ea21f1fcac429e0d69f11a30558d1

SHA1
62af6d2e687b1093be895a95fe6f44b911071a4a

SHA256
a72081b66ee1366fee118d07af987c3a899ac7a9ecbe5b3eb531ba6f9e42b7a2

SHA512
bccacbaf21cfd92a86ca45367521aa0ba0e9b19c11d4643a2da573500229fc3ff9963f26c2fec213e14d57f35d3086474fac47ba71d583ff75c3049e45f331fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe

Filesize
468KB

MD5
82ca222b05c918925a8d9dc8bbabf930

SHA1
846ee71c5be9e097b1bd227b521dd4f94a0186bf

SHA256
9d13e37fd71bc63934137f792b85e92ebe1858b8d9564390d42378f95f52aa34

SHA512
40944bffbde5e95b5e3f1ad9837d83e4f4ba2ee7e7211855596282c6ee4bfd4a492ef864161c9722d9df61de5dd12a3e28fb7288e1a45723dd56c65668d83836

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51620.exe

Filesize
468KB

MD5
9dbd831b62e3dd50e2c45ba729bf28ca

SHA1
89f53b01bc9e0bfc8e357a456816109d71bbcd6f

SHA256
631926671024a78312dec379e73020cb68d6ccb659ebb3d73537a416f9df55d6

SHA512
60cda68e8a3c0c5a9e27bb62dacd828094018547b5e325b7e04458c6490ece828c81c1776700eb0168c0d5dc866ca0cdac857ee99451490945c4cd01befb15df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe

Filesize
468KB

MD5
afa31917aad04f517138af7688d369d0

SHA1
eea8efa5a672b892e0b61af5611ebd30817ad10e

SHA256
4234c5ec40d475084f69e6b4fc8947411c953b3a38abb10ec1f471fc9cafab1e

SHA512
0e6abccfd246faeb161821ee6ec9b85cb225757470f31453b69ca6687e469354ef94f20caf2e97ad02fef622608815762767b4c4740943d89d08bfab9c6a7a28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64996.exe

Filesize
468KB

MD5
d1784fc7fb42b28e9cdd9f09dde8fa8e

SHA1
02041ce8e32e7e8376318d341ce3da23d4964b0d

SHA256
eacb8a5166f3f61a3b0890bbfae348cc0661a81b206e8961f888592312012e57

SHA512
c6179201b5a7b7c50e13950a7eeb0b6990fe2fba21753df685d8ae97cded66aa78fc0554d9fcb0a007448a7d0c208543e2794ae672b52875f0438b98e163b211

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7125.exe

Filesize
468KB

MD5
45b866bf93cd30ef15f6555c0bc9f55f

SHA1
6cfbf7db975f3080babdbe44e632c4035b676fe7

SHA256
bf0b85be49e90f46f7fe6407d3afc491e72d907198be29493e9cd15338c6a001

SHA512
c4476e69f1eb7df8852a1049ecac52c63f3ec29fef86be67a05fc67f04fbde41ff786ec4b7c87430bbb71ce621c892b208cf8669a84863bcaf0c36eb33c470a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9222.exe

Filesize
468KB

MD5
ecb095fdfce9afafb9faffdf1e1a8adb

SHA1
be7a4f61c4ae4e392990619083ffd304957dcf6a

SHA256
57419d0d0e61d5e1357084bfd2c161c82ace97b5a9150b1b43f5265c910942ca

SHA512
7befb7af008bf2d7fc9f5331d64808514d93183466714a464a05f95ee190b89d4786116157b75122ee78e0adea31e421e9eb635f0828e3807195d1e7b4f4cbcf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe

Filesize
468KB

MD5
c0cbf37ce882e44a7bb1e65fe5cdaf73

SHA1
666835e7acd94eac17d2612d3cbd60bed81d6750

SHA256
44e86969f6401075966a069fa3cd022a0390ad4dd727c635c94c6b1b1a3bdec8

SHA512
a61ede4e59b3848a57d683aa7136d18915e6a496afb9bce6969cd831e1835cee2eb08395463dc46e47adcbc7ae01fd2734fbdac9f32b471219ef6d93f3e5afb3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22875.exe

Filesize
468KB

MD5
de5124f75b7ce9cbd3bdf8f5bc39783f

SHA1
559daca1e15c4714a93474376c6ee893f377140e

SHA256
daee1568e588be1b0dc1c3f4d89d39e4b3ba02a050c9372b94db21c78fbddb4b

SHA512
d9a99b61d565c810f3bc667e5a6dc6a43fdbcd177be7c868c352099c4e69dee18c1f1bde07ce4fb0d07525398d56d1f65905ec4d525018ed6aaf0140bad791dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2816.exe

Filesize
468KB

MD5
2a67c480d8fe4e9ccfd40dbce2aecd8e

SHA1
9b362e4964e87c3ab1f345ad32d6a04a440c30c1

SHA256
c96f55777acf2f827dd616ff5b0b192df9f551bff0ad0a62bde0290aea58601d

SHA512
8c8591db8bc254a482d6915acd299aaf4cc0d98931f28a97c395af1168f49f6e79c54132525f33317fcb16fec7db26adcda47d72506046c29a3e391feb836b2a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34325.exe

Filesize
468KB

MD5
9afe7bb66d75ab49f15880c06c8c456a

SHA1
e66d9875a1cae384ff6edd3be47b02d2f44e3db7

SHA256
63137ad1413262a49946e1d6653a6a4b05bed2d90dae3e68335c8bbf13f837b6

SHA512
854431a0c8215ee0543f5eacce56e4462189b01a8b6bd7ad397fc6b1793929981dbec1c7f37bc93138c455ededdfb23195a3857dabd61c3ba9c844adae81e290

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37373.exe

Filesize
468KB

MD5
6749dca0a4a18d7509fbc5c7e4e176f3

SHA1
f8133147deed0c91c798c391179ac005164dd8e6

SHA256
406ad77a23de0813bf6bc5ddbb3fb85ff5af62475f36ee36464f4043ea581eac

SHA512
4a634964011f0712cd191038b9e05eca40138a07b76ece8845a422061b2af81f92f033f7ec3fb6802c7b72a8cde55ce2ee12eab87f013d98ee7b6e76c8775028

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe

Filesize
468KB

MD5
10993d517fd3a177e212c0c36b076003

SHA1
fdfc4581d741ba1aed818c6028baa803976565ce

SHA256
e92764ffe0ffb3575f57564063dcec28199263ee9ffd608e29371590ad707508

SHA512
dadbad6c02f9fb0d6c8541ae29b31036a7033a5a84c3459560e6b92f9cc2d383bc82cf9c1b7d3834f5420ecfd2c8b3a9899fa2eb2be04e07efb064c4f728268f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe

Filesize
468KB

MD5
f32d1e9ed81c9816dade2d3c6ab3d0ca

SHA1
0f64f28c702c7a38449018c24fcbd72f4fc06a26

SHA256
182179d4f8b5d8f704908ca7fbd58b1716d9993d1b6052c1f4fc993b2804e74d

SHA512
7a94602bd69b82e62559355adc12fcbbc092ef3553db642f9f77f064e5c33b05ea06bceaea0ea4cd4234bac4552157227fae9c5f8df638181b5d88fd7c07a1f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54126.exe

Filesize
468KB

MD5
d9e5a71eee670f37d126b88e2f2cd9f1

SHA1
40a154a56732733d7be3b01ae780b1b112af5d7c

SHA256
384fbce3cf08862b6d9e627a7f8060337c03f6802c462788b8c91ca9fcae17f7

SHA512
5444b565dafbcfa0a478986017ae83b8171925386b8fa3c95012d2b1fa68066909e10ccda81897f805c5d08e36f19e3977cb146c4c8c148c63c800fc1b197f4a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5589.exe

Filesize
468KB

MD5
086eb9c9d3b8a62eff8e0586098508b0

SHA1
7c61d27f135a9f415fe5c2cb860c482ed546c248

SHA256
279e4286bb5c1ce3524b204d8c98b8d6105804e7b92404d64daae2d0551244e0

SHA512
4168ab9cdce0b47e7fd8ab3f1f5652b870e97ea45e16c939793fc6ca0dbe1bb7c8c55203508874661a606ea2b7541efc7664081e75151c9643ae0600115ff7ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6281.exe

Filesize
468KB

MD5
2b6feaee8a1908751fa8fdab580f5878

SHA1
6183b4169d84840c623cacf68542ae005e395835

SHA256
8363a19424429b6ac987e34829f6a0ff1cf2b121cda32182f5af5d399343bceb

SHA512
3168a5717c7d1b3077309030f46b306137c554b36efd3d492cff397329a607f8b960dbc19a4f4833c09401fa756567f1c146fa130877ec99b4f2f374bba663bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe

Filesize
468KB

MD5
9eb079934a8c092dbb37fa61fa0c0052

SHA1
621bc8d0104ac82d897e0832118d8e6368244afa

SHA256
0a49cf9019f770cdff06f513dbdd20fbdf851261a52fdee27e82688ac71ca701

SHA512
3aca958b68f47d8ca94b88dd460adce7eefc0ef5b19f945fb911e7627fc61131903cd31f9fbdfa73354d49fd89465ae5ff4ffaf8e2fb29705e82528016d6da86

Download Submit
memory/624-228-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/624-382-0x0000000000810000-0x0000000000885000-memory.dmp

Filesize
468KB

Download
memory/624-381-0x0000000000810000-0x0000000000885000-memory.dmp

Filesize
468KB

Download
memory/912-345-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/912-346-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/912-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1016-400-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1120-287-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1408-275-0x0000000002070000-0x00000000020E5000-memory.dmp

Filesize
468KB

Download
memory/1408-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1408-272-0x0000000002070000-0x00000000020E5000-memory.dmp

Filesize
468KB

Download
memory/1588-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1608-398-0x0000000002190000-0x0000000002205000-memory.dmp

Filesize
468KB

Download
memory/1608-399-0x0000000002190000-0x0000000002205000-memory.dmp

Filesize
468KB

Download
memory/1608-238-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1720-247-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1736-259-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1744-289-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1892-130-0x0000000001CB0000-0x0000000001D25000-memory.dmp

Filesize
468KB

Download
memory/1892-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1892-33-0x00000000026E0000-0x0000000002755000-memory.dmp

Filesize
468KB

Download
memory/1892-312-0x0000000001CB0000-0x0000000001D25000-memory.dmp

Filesize
468KB

Download
memory/1892-59-0x00000000026E0000-0x0000000002755000-memory.dmp

Filesize
468KB

Download
memory/1892-131-0x0000000001CB0000-0x0000000001D25000-memory.dmp

Filesize
468KB

Download
memory/1912-315-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1916-402-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2064-201-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2064-362-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2064-367-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2096-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2216-360-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2248-271-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2248-168-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2248-273-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2332-22-0x0000000002510000-0x0000000002585000-memory.dmp

Filesize
468KB

Download
memory/2332-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2332-320-0x0000000002510000-0x0000000002585000-memory.dmp

Filesize
468KB

Download
memory/2332-160-0x0000000002510000-0x0000000002585000-memory.dmp

Filesize
468KB

Download
memory/2332-163-0x0000000002510000-0x0000000002585000-memory.dmp

Filesize
468KB

Download
memory/2332-11-0x0000000002510000-0x0000000002585000-memory.dmp

Filesize
468KB

Download
memory/2332-10-0x0000000002510000-0x0000000002585000-memory.dmp

Filesize
468KB

Download
memory/2332-75-0x0000000002510000-0x0000000002585000-memory.dmp

Filesize
468KB

Download
memory/2468-198-0x0000000002690000-0x0000000002705000-memory.dmp

Filesize
468KB

Download
memory/2468-199-0x0000000002690000-0x0000000002705000-memory.dmp

Filesize
468KB

Download
memory/2468-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2468-379-0x0000000002690000-0x0000000002705000-memory.dmp

Filesize
468KB

Download
memory/2468-378-0x0000000002690000-0x0000000002705000-memory.dmp

Filesize
468KB

Download
memory/2484-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2496-270-0x00000000023C0000-0x0000000002435000-memory.dmp

Filesize
468KB

Download
memory/2496-172-0x00000000023C0000-0x0000000002435000-memory.dmp

Filesize
468KB

Download
memory/2496-274-0x00000000023C0000-0x0000000002435000-memory.dmp

Filesize
468KB

Download
memory/2496-38-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2496-177-0x00000000023C0000-0x0000000002435000-memory.dmp

Filesize
468KB

Download
memory/2564-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2620-162-0x00000000028F0000-0x0000000002965000-memory.dmp

Filesize
468KB

Download
memory/2620-86-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2620-285-0x00000000028F0000-0x0000000002965000-memory.dmp

Filesize
468KB

Download
memory/2620-279-0x00000000028F0000-0x0000000002965000-memory.dmp

Filesize
468KB

Download
memory/2628-62-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2628-258-0x0000000000490000-0x0000000000505000-memory.dmp

Filesize
468KB

Download
memory/2628-254-0x0000000000490000-0x0000000000505000-memory.dmp

Filesize
468KB

Download
memory/2660-316-0x00000000027A0000-0x0000000002815000-memory.dmp

Filesize
468KB

Download
memory/2660-164-0x00000000029A0000-0x0000000002A15000-memory.dmp

Filesize
468KB

Download
memory/2660-76-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2660-159-0x00000000029A0000-0x0000000002A15000-memory.dmp

Filesize
468KB

Download
memory/2660-317-0x00000000027A0000-0x0000000002815000-memory.dmp

Filesize
468KB

Download
memory/2696-385-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2708-319-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2736-380-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2776-347-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2780-225-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2780-227-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2780-401-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2780-50-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2780-397-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2904-288-0x0000000002680000-0x00000000026F5000-memory.dmp

Filesize
468KB

Download
memory/2904-281-0x0000000002680000-0x00000000026F5000-memory.dmp

Filesize
468KB

Download
memory/2904-133-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2972-223-0x0000000002690000-0x0000000002705000-memory.dmp

Filesize
468KB

Download
memory/2972-109-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2972-358-0x0000000002690000-0x0000000002705000-memory.dmp

Filesize
468KB

Download
memory/2972-355-0x0000000002690000-0x0000000002705000-memory.dmp

Filesize
468KB

Download
memory/2972-222-0x0000000002690000-0x0000000002705000-memory.dmp

Filesize
468KB

Download
memory/3004-280-0x00000000023F0000-0x0000000002465000-memory.dmp

Filesize
468KB

Download
memory/3004-161-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3004-286-0x00000000023F0000-0x0000000002465000-memory.dmp

Filesize
468KB

Download
memory/3036-121-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3036-244-0x0000000001E40000-0x0000000001EB5000-memory.dmp

Filesize
468KB

Download
memory/3036-246-0x0000000001E40000-0x0000000001EB5000-memory.dmp

Filesize
468KB

Download
memory/3044-313-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/3044-314-0x0000000002670000-0x00000000026E5000-memory.dmp

Filesize
468KB

Download
memory/3044-167-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3048-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3056-237-0x0000000000360000-0x00000000003D5000-memory.dmp

Filesize
468KB

Download
memory/3056-236-0x0000000000360000-0x00000000003D5000-memory.dmp

Filesize
468KB

Download
memory/3056-37-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download