1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe
Size

468KB
MD5

bb8c7b3dd12f8156ca0bf8ba46b36adc
SHA1

caac834e23fa02e60a4d08c49554480053af4219
SHA256

1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41
SHA512

10f07936d7a011a6afbf91be578d2ff4b77c49b0681c540406bf5aa17390b4d959918f5db60ec5aba2204e0f1f20d5e7bfd44aa1d43e139c9bbcbb6bd96e99e7
SSDEEP

3072:9G3HogIKIE5TtIYeHz/Ocf+/zChaP0pktVHMTVPyQ4GL07Ngp3lj:9G3oDMTtoHrOcf4Yj0Q4ISNgp

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2724	Unicorn-37123.exe
2732	Unicorn-6479.exe
1224	Unicorn-48067.exe
2748	Unicorn-56318.exe
2600	Unicorn-14730.exe
2864	Unicorn-10646.exe
2076	Unicorn-3447.exe
1692	Unicorn-54777.exe
2144	Unicorn-51361.exe
332	Unicorn-22681.exe
2800	Unicorn-41709.exe
468	Unicorn-12109.exe
2920	Unicorn-12374.exe
1532	Unicorn-30849.exe
3068	Unicorn-58046.exe
936	Unicorn-54860.exe
1984	Unicorn-16520.exe
3028	Unicorn-37118.exe
1344	Unicorn-20324.exe
840	Unicorn-22536.exe
1864	Unicorn-30704.exe
2404	Unicorn-8145.exe
1324	Unicorn-53817.exe
2060	Unicorn-64752.exe
1552	Unicorn-35342.exe
1288	Unicorn-24482.exe
740	Unicorn-18351.exe
3044	Unicorn-13552.exe
2372	Unicorn-60060.exe
2140	Unicorn-62098.exe
1652	Unicorn-42354.exe
1724	Unicorn-34740.exe
2268	Unicorn-37201.exe
2876	Unicorn-34085.exe
2300	Unicorn-40216.exe
2148	Unicorn-63329.exe
2932	Unicorn-20673.exe
2680	Unicorn-11742.exe
2588	Unicorn-37009.exe
2196	Unicorn-33479.exe
2652	Unicorn-21249.exe
1896	Unicorn-6858.exe
2772	Unicorn-47791.exe
2080	Unicorn-15581.exe
1264	Unicorn-44791.exe
2924	Unicorn-50221.exe
2400	Unicorn-46692.exe
2092	Unicorn-21532.exe
760	Unicorn-35831.exe
1956	Unicorn-56251.exe
1820	Unicorn-5659.exe
1308	Unicorn-58289.exe
2432	Unicorn-60890.exe
2248	Unicorn-15218.exe
580	Unicorn-57932.exe
1048	Unicorn-58197.exe
2276	Unicorn-39458.exe
748	Unicorn-36769.exe
1556	Unicorn-50505.exe
1124	Unicorn-56635.exe
2284	Unicorn-53106.exe
972	Unicorn-38161.exe
2508	Unicorn-12073.exe
1596	Unicorn-5296.exe

Loads dropped DLL 64 IoCs

pid	Process
2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe
2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe
2724	Unicorn-37123.exe
2724	Unicorn-37123.exe
2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe
2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe
2732	Unicorn-6479.exe
2724	Unicorn-37123.exe
2732	Unicorn-6479.exe
2724	Unicorn-37123.exe
1224	Unicorn-48067.exe
1224	Unicorn-48067.exe
2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe
2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe
2748	Unicorn-56318.exe
2748	Unicorn-56318.exe
2724	Unicorn-37123.exe
2724	Unicorn-37123.exe
2864	Unicorn-10646.exe
2864	Unicorn-10646.exe
1224	Unicorn-48067.exe
1224	Unicorn-48067.exe
2076	Unicorn-3447.exe
2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe
2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe
2600	Unicorn-14730.exe
2600	Unicorn-14730.exe
2732	Unicorn-6479.exe
2076	Unicorn-3447.exe
2732	Unicorn-6479.exe
1692	Unicorn-54777.exe
1692	Unicorn-54777.exe
2748	Unicorn-56318.exe
2748	Unicorn-56318.exe
2144	Unicorn-51361.exe
2144	Unicorn-51361.exe
2724	Unicorn-37123.exe
2724	Unicorn-37123.exe
1532	Unicorn-30849.exe
1532	Unicorn-30849.exe
468	Unicorn-12109.exe
468	Unicorn-12109.exe
332	Unicorn-22681.exe
332	Unicorn-22681.exe
2076	Unicorn-3447.exe
2076	Unicorn-3447.exe
2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe
2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe
664	WerFault.exe
664	WerFault.exe
664	WerFault.exe
664	WerFault.exe
2864	Unicorn-10646.exe
2864	Unicorn-10646.exe
2920	Unicorn-12374.exe
2920	Unicorn-12374.exe
2732	Unicorn-6479.exe
2732	Unicorn-6479.exe
2600	Unicorn-14730.exe
2600	Unicorn-14730.exe
2800	Unicorn-41709.exe
2800	Unicorn-41709.exe
664	WerFault.exe
1224	Unicorn-48067.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
664	3068	WerFault.exe	44
640	1864	WerFault.exe	50
2544	2404	WerFault.exe	51
2564	1552	WerFault.exe	55
1180	1652	WerFault.exe	61
1260	1724	WerFault.exe	62
2720	2148	WerFault.exe	66
2052	2080	WerFault.exe	75
2960	2588	WerFault.exe	69
2912	840	WerFault.exe	49
1156	1264	WerFault.exe	76
1876	1124	WerFault.exe	94
1604	2908	WerFault.exe	112
3000	1736	WerFault.exe	139
3288	2556	WerFault.exe	118
3416	1696	WerFault.exe	173
3552	1912	WerFault.exe	138
3968	944	WerFault.exe	134
3824	2876	WerFault.exe	65
3908	2352	WerFault.exe	137
3892	1860	WerFault.exe	148
3776	2092	WerFault.exe	80
3764	1568	WerFault.exe	143
3952	2248	WerFault.exe	87
4012	1820	WerFault.exe	84
4036	580	WerFault.exe	88
3128	2400	WerFault.exe	79
3276	2284	WerFault.exe	97
3352	760	WerFault.exe	81
3444	988	WerFault.exe	158
4316	1704	WerFault.exe	150
4308	3020	WerFault.exe	117
4300	2940	WerFault.exe	113
4392	2824	WerFault.exe	105
4964	2896	WerFault.exe	171
4508	1532	WerFault.exe	41
4520	2380	WerFault.exe	140
4608	2612	WerFault.exe	127
4616	1764	WerFault.exe	133
4872	876	WerFault.exe	149
4864	2164	WerFault.exe	159
4656	1656	WerFault.exe	132
4684	1896	WerFault.exe	72
4720	2116	WerFault.exe	131
4692	2932	WerFault.exe	67
4848	532	WerFault.exe	160
4996	332	WerFault.exe	39
4212	2728	WerFault.exe	153
5008	1956	WerFault.exe	83
4168	1952	WerFault.exe	147
5384	2744	WerFault.exe	128
5432	2652	WerFault.exe	71
5424	2268	WerFault.exe	63
5400	2196	WerFault.exe	70
5520	284	WerFault.exe	123
5564	1816	WerFault.exe	119
5556	2492	WerFault.exe	125
5548	2068	WerFault.exe	107
5584	1796	WerFault.exe	165
5636	2832	WerFault.exe	103
5368	1048	WerFault.exe	89
5332	2508	WerFault.exe	99
5396	348	WerFault.exe	136
5664	2976	WerFault.exe	157

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59899.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52875.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60563.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18969.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37496.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7332.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe
2724	Unicorn-37123.exe
2732	Unicorn-6479.exe
1224	Unicorn-48067.exe
2748	Unicorn-56318.exe
2864	Unicorn-10646.exe
2076	Unicorn-3447.exe
2600	Unicorn-14730.exe
1692	Unicorn-54777.exe
2144	Unicorn-51361.exe
332	Unicorn-22681.exe
468	Unicorn-12109.exe
1532	Unicorn-30849.exe
3068	Unicorn-58046.exe
2920	Unicorn-12374.exe
2800	Unicorn-41709.exe
936	Unicorn-54860.exe
1984	Unicorn-16520.exe
3028	Unicorn-37118.exe
1344	Unicorn-20324.exe
840	Unicorn-22536.exe
1864	Unicorn-30704.exe
2404	Unicorn-8145.exe
1324	Unicorn-53817.exe
2060	Unicorn-64752.exe
1552	Unicorn-35342.exe
740	Unicorn-18351.exe
1288	Unicorn-24482.exe
2372	Unicorn-60060.exe
3044	Unicorn-13552.exe
2140	Unicorn-62098.exe
1652	Unicorn-42354.exe
1724	Unicorn-34740.exe
2268	Unicorn-37201.exe
2876	Unicorn-34085.exe
2300	Unicorn-40216.exe
2148	Unicorn-63329.exe
2932	Unicorn-20673.exe
2680	Unicorn-11742.exe
2588	Unicorn-37009.exe
2196	Unicorn-33479.exe
2652	Unicorn-21249.exe
1896	Unicorn-6858.exe
2772	Unicorn-47791.exe
1264	Unicorn-44791.exe
2080	Unicorn-15581.exe
2924	Unicorn-50221.exe
2092	Unicorn-21532.exe
2400	Unicorn-46692.exe
760	Unicorn-35831.exe
1820	Unicorn-5659.exe
1956	Unicorn-56251.exe
1308	Unicorn-58289.exe
2432	Unicorn-60890.exe
2248	Unicorn-15218.exe
580	Unicorn-57932.exe
1048	Unicorn-58197.exe
1124	Unicorn-56635.exe
2276	Unicorn-39458.exe
748	Unicorn-36769.exe
1556	Unicorn-50505.exe
2284	Unicorn-53106.exe
972	Unicorn-38161.exe
2508	Unicorn-12073.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 2724	2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	30
PID 2316 wrote to memory of 2724	2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	30
PID 2316 wrote to memory of 2724	2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	30
PID 2316 wrote to memory of 2724	2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	30
PID 2724 wrote to memory of 2732	2724	Unicorn-37123.exe	31
PID 2724 wrote to memory of 2732	2724	Unicorn-37123.exe	31
PID 2724 wrote to memory of 2732	2724	Unicorn-37123.exe	31
PID 2724 wrote to memory of 2732	2724	Unicorn-37123.exe	31
PID 2316 wrote to memory of 1224	2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	32
PID 2316 wrote to memory of 1224	2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	32
PID 2316 wrote to memory of 1224	2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	32
PID 2316 wrote to memory of 1224	2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	32
PID 2732 wrote to memory of 2600	2732	Unicorn-6479.exe	33
PID 2732 wrote to memory of 2600	2732	Unicorn-6479.exe	33
PID 2732 wrote to memory of 2600	2732	Unicorn-6479.exe	33
PID 2724 wrote to memory of 2748	2724	Unicorn-37123.exe	34
PID 2732 wrote to memory of 2600	2732	Unicorn-6479.exe	33
PID 2724 wrote to memory of 2748	2724	Unicorn-37123.exe	34
PID 2724 wrote to memory of 2748	2724	Unicorn-37123.exe	34
PID 2724 wrote to memory of 2748	2724	Unicorn-37123.exe	34
PID 1224 wrote to memory of 2864	1224	Unicorn-48067.exe	35
PID 1224 wrote to memory of 2864	1224	Unicorn-48067.exe	35
PID 1224 wrote to memory of 2864	1224	Unicorn-48067.exe	35
PID 1224 wrote to memory of 2864	1224	Unicorn-48067.exe	35
PID 2316 wrote to memory of 2076	2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	36
PID 2316 wrote to memory of 2076	2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	36
PID 2316 wrote to memory of 2076	2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	36
PID 2316 wrote to memory of 2076	2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	36
PID 2748 wrote to memory of 1692	2748	Unicorn-56318.exe	37
PID 2748 wrote to memory of 1692	2748	Unicorn-56318.exe	37
PID 2748 wrote to memory of 1692	2748	Unicorn-56318.exe	37
PID 2748 wrote to memory of 1692	2748	Unicorn-56318.exe	37
PID 2724 wrote to memory of 2144	2724	Unicorn-37123.exe	38
PID 2724 wrote to memory of 2144	2724	Unicorn-37123.exe	38
PID 2724 wrote to memory of 2144	2724	Unicorn-37123.exe	38
PID 2724 wrote to memory of 2144	2724	Unicorn-37123.exe	38
PID 2864 wrote to memory of 332	2864	Unicorn-10646.exe	39
PID 2864 wrote to memory of 332	2864	Unicorn-10646.exe	39
PID 2864 wrote to memory of 332	2864	Unicorn-10646.exe	39
PID 2864 wrote to memory of 332	2864	Unicorn-10646.exe	39
PID 1224 wrote to memory of 2800	1224	Unicorn-48067.exe	40
PID 1224 wrote to memory of 2800	1224	Unicorn-48067.exe	40
PID 1224 wrote to memory of 2800	1224	Unicorn-48067.exe	40
PID 1224 wrote to memory of 2800	1224	Unicorn-48067.exe	40
PID 2316 wrote to memory of 468	2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	42
PID 2316 wrote to memory of 468	2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	42
PID 2316 wrote to memory of 468	2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	42
PID 2316 wrote to memory of 468	2316	1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe	42
PID 2600 wrote to memory of 2920	2600	Unicorn-14730.exe	43
PID 2600 wrote to memory of 2920	2600	Unicorn-14730.exe	43
PID 2600 wrote to memory of 2920	2600	Unicorn-14730.exe	43
PID 2600 wrote to memory of 2920	2600	Unicorn-14730.exe	43
PID 2076 wrote to memory of 1532	2076	Unicorn-3447.exe	41
PID 2076 wrote to memory of 1532	2076	Unicorn-3447.exe	41
PID 2076 wrote to memory of 1532	2076	Unicorn-3447.exe	41
PID 2076 wrote to memory of 1532	2076	Unicorn-3447.exe	41
PID 2732 wrote to memory of 3068	2732	Unicorn-6479.exe	44
PID 2732 wrote to memory of 3068	2732	Unicorn-6479.exe	44
PID 2732 wrote to memory of 3068	2732	Unicorn-6479.exe	44
PID 2732 wrote to memory of 3068	2732	Unicorn-6479.exe	44
PID 1692 wrote to memory of 936	1692	Unicorn-54777.exe	45
PID 1692 wrote to memory of 936	1692	Unicorn-54777.exe	45
PID 1692 wrote to memory of 936	1692	Unicorn-54777.exe	45
PID 1692 wrote to memory of 936	1692	Unicorn-54777.exe	45

C:\Users\Admin\AppData\Local\Temp\1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe
"C:\Users\Admin\AppData\Local\Temp\1232b9f97020896aa90134d298f3e12840431582b84b3f8a93cfe0705967ee41.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14730.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24482.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
        8⤵
        
        PID:988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 240
        9⤵
        Program crash
        
        PID:3444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 248
        8⤵
        Program crash
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
        7⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28421.exe
        8⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 216
        8⤵
        Program crash
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
        7⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 244
        7⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41617.exe
        7⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55639.exe
        8⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44129.exe
        8⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7288.exe
        8⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        8⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
        8⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
        8⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
        8⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 248
        7⤵
        Program crash
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
        6⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31026.exe
        7⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        7⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18445.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
        7⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57148.exe
        7⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12247.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        7⤵
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30247.exe
        6⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
        6⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29924.exe
        6⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58793.exe
        6⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
        6⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe
        6⤵
        
        PID:8676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 244
        6⤵
        
        PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13552.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49114.exe
        9⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49856.exe
        9⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        8⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        8⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 228
        8⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10013.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45305.exe
        8⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 228
        8⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
        7⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 248
        7⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42280.exe
        6⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        7⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 224
        7⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16732.exe
        6⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57787.exe
        6⤵
        
        PID:4944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 224
        6⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        6⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 244
        7⤵
        Program crash
        
        PID:3892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 216
        6⤵
        Program crash
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51658.exe
        5⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
        6⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        7⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 224
        7⤵
        
        PID:8916
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 228
        6⤵
        Program crash
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        5⤵
        
        PID:2416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 200
        6⤵
        
        PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        5⤵
        
        PID:5528
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 248
        5⤵
        
        PID:6924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3068
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 224
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53869.exe
        6⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61238.exe
        7⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 228
        7⤵
        Program crash
        
        PID:4212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 216
        6⤵
        Program crash
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22291.exe
        5⤵
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33361.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3240
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 248
        6⤵
        Program crash
        
        PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
        5⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
        5⤵
        
        PID:4464
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 244
        5⤵
        
        PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35395.exe
        5⤵
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        6⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5234.exe
        6⤵
        
        PID:5604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 224
        6⤵
        
        PID:6960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 248
        5⤵
        Program crash
        
        PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
      4⤵
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        5⤵
        
        PID:5672
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 224
        5⤵
        
        PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35772.exe
      4⤵
      PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
      4⤵
      PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41795.exe
      4⤵
      PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6689.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41898.exe
      4⤵
      PID:7240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8127.exe
      4⤵
      PID:8280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
      4⤵
      PID:8316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
      4⤵
      PID:6720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54777.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 244
        7⤵
        Program crash
        
        PID:1180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44679.exe
        7⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
        8⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
        8⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe
        8⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34760.exe
        8⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        8⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        7⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18922.exe
        7⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        7⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
        7⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47498.exe
        7⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 240
        7⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        6⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
        7⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
        7⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 228
        7⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19940.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40627.exe
        6⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38668.exe
        6⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-690.exe
        6⤵
        
        PID:6168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59369.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31663.exe
        6⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16206.exe
        6⤵
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
        6⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 244
        6⤵
        Program crash
        
        PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50505.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51923.exe
        6⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29277.exe
        7⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 228
        7⤵
        Program crash
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2997.exe
        6⤵
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        6⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39500.exe
        6⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        6⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6531.exe
        6⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7782.exe
        6⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
        6⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33184.exe
        5⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        6⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
        6⤵
        
        PID:4140
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 244
        6⤵
        
        PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe
        5⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46990.exe
        5⤵
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        5⤵
        
        PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53458.exe
        5⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47731.exe
        5⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13960.exe
        5⤵
        
        PID:4428
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 248
        5⤵
        
        PID:6792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16520.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 240
        7⤵
        Program crash
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45981.exe
        6⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
        7⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11999.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 228
        8⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
        7⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18969.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 248
        7⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        6⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56815.exe
        7⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
        7⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        6⤵
        
        PID:4732
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 244
        6⤵
        Program crash
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        6⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8716.exe
        7⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
        7⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30972.exe
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11116.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42567.exe
        7⤵
        
        PID:8536
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 248
        6⤵
        Program crash
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46525.exe
        5⤵
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54726.exe
        6⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
        6⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8801.exe
        6⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37448.exe
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        6⤵
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26163.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16122.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33555.exe
        5⤵
        
        PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        5⤵
        
        PID:7216
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
        5⤵
        
        PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34085.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22401.exe
        5⤵
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51176.exe
        7⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9477.exe
        8⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
        8⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16549.exe
        8⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58332.exe
        7⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 244
        7⤵
        Program crash
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21004.exe
        6⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
        7⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
        7⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 224
        7⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57677.exe
        6⤵
        
        PID:4588
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 248
        6⤵
        Program crash
        
        PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        6⤵
        
        PID:3884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
        6⤵
        Program crash
        
        PID:4656
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 244
        5⤵
        Program crash
        
        PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
      4⤵
      PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        5⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20725.exe
        6⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32685.exe
        7⤵
        
        PID:5220
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
        6⤵
        Program crash
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        5⤵
        
        PID:4728
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 248
        5⤵
        
        PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
      4⤵
      PID:348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29879.exe
        5⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29353.exe
        6⤵
        
        PID:9028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        6⤵
        
        PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        5⤵
        
        PID:5040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 240
        5⤵
        Program crash
        
        PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37661.exe
      4⤵
      PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
        5⤵
        
        PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8427.exe
      4⤵
      PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9834.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35988.exe
      4⤵
      PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44939.exe
      4⤵
      PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
      4⤵
      PID:8028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
      4⤵
      PID:8652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38135.exe
      4⤵
      PID:8528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51361.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37118.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40216.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3926.exe
        6⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59432.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52821.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48974.exe
        9⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
        8⤵
        Program crash
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10697.exe
        7⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 248
        7⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe
        6⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        7⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42270.exe
        7⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33634.exe
        7⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48431.exe
        7⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        7⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55003.exe
        7⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29313.exe
        7⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        7⤵
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3110.exe
        6⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
        6⤵
        
        PID:5028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 244
        6⤵
        
        PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
        5⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
        6⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41252.exe
        7⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 228
        7⤵
        
        PID:8792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        6⤵
        
        PID:4148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 244
        6⤵
        Program crash
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        5⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15788.exe
        6⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15159.exe
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41718.exe
        6⤵
        
        PID:8800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55064.exe
        5⤵
        
        PID:5416
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 248
        5⤵
        
        PID:6856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63329.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2148
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 220
        5⤵
        Program crash
        
        PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18216.exe
      4⤵
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59899.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 244
        6⤵
        Program crash
        
        PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        5⤵
        
        PID:376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60432.exe
        6⤵
        
        PID:7996
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 248
        6⤵
        
        PID:9124
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 244
        5⤵
        Program crash
        
        PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51274.exe
      4⤵
      PID:1568
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 224
        5⤵
        Program crash
        
        PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
      4⤵
      PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40837.exe
      4⤵
      PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36108.exe
      4⤵
      PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13695.exe
      4⤵
      PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
      4⤵
      PID:7964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
      4⤵
      PID:7200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32435.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6829.exe
      4⤵
      PID:6788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
        6⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
        7⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46438.exe
        7⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 244
        7⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
        6⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        6⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44243.exe
        6⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        6⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        6⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39863.exe
        6⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        6⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
        5⤵
        
        PID:2352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 224
        6⤵
        Program crash
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34220.exe
        5⤵
        
        PID:3784
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
        5⤵
        Program crash
        
        PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12073.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49422.exe
        6⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        7⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
        6⤵
        Program crash
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22841.exe
        5⤵
        
        PID:3808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 224
        6⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33940.exe
        5⤵
        
        PID:4248
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 248
        5⤵
        Program crash
        
        PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47978.exe
      4⤵
      PID:1696
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 224
        5⤵
        Program crash
        
        PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22707.exe
      4⤵
      PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51802.exe
        5⤵
        
        PID:8696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61483.exe
      4⤵
      PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
      4⤵
      PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
      4⤵
      PID:6876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55469.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
      4⤵
      PID:7704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
      4⤵
      PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28325.exe
      4⤵
      PID:8976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
      4⤵
      Executes dropped EXE
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61565.exe
        6⤵
        
        PID:4052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 216
        6⤵
        Program crash
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29255.exe
        5⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        5⤵
        
        PID:4784
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 248
        5⤵
        
        PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
      4⤵
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        5⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
        5⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43361.exe
        5⤵
        
        PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46546.exe
        5⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22797.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
        5⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53900.exe
        5⤵
        
        PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
      4⤵
      PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
      4⤵
      PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35577.exe
      4⤵
      PID:5984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18160.exe
      4⤵
      PID:6336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
      4⤵
      PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
      4⤵
      PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55970.exe
      4⤵
      PID:8404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
      4⤵
      PID:4676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27661.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27661.exe
    3⤵
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
      4⤵
      PID:284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        5⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
        6⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
        6⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45802.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12831.exe
        5⤵
        
        PID:3340
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 240
        5⤵
        Program crash
        
        PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
      4⤵
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13449.exe
        5⤵
        
        PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        5⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4582.exe
        5⤵
        
        PID:8784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        5⤵
        
        PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28512.exe
      4⤵
      PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24835.exe
      4⤵
      PID:5596
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 224
      4⤵
      PID:6976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
    3⤵
    PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6908.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57043.exe
        5⤵
        
        PID:8468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2333.exe
      4⤵
      PID:4400
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 244
      4⤵
      Program crash
      PID:5556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60139.exe
    3⤵
    PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
      4⤵
      PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
      4⤵
      PID:7312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12164.exe
      4⤵
      PID:5864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16289.exe
    3⤵
    PID:4476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32928.exe
    3⤵
    PID:5376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20154.exe
    3⤵
    PID:6940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
    3⤵
    PID:6648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34388.exe
    3⤵
    PID:7888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
    3⤵
    PID:8876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26055.exe
    3⤵
    PID:9168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48067.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48067.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10646.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10646.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8145.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
        6⤵
        Program crash
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        6⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
        7⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
        7⤵
        Program crash
        
        PID:5664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 248
        6⤵
        Program crash
        
        PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34464.exe
        5⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24005.exe
        6⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        6⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57706.exe
        6⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
        6⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16769.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58366.exe
        6⤵
        
        PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
        5⤵
        
        PID:3280
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 244
        5⤵
        Program crash
        
        PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35342.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1552
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 244
        5⤵
        Program crash
        
        PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58289.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe
        5⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15733.exe
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24642.exe
        6⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55211.exe
        6⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39333.exe
        6⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-234.exe
        6⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9894.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28928.exe
        5⤵
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43427.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
        5⤵
        
        PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        5⤵
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        5⤵
        
        PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
        5⤵
        
        PID:8272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 248
        5⤵
        
        PID:8460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22239.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
        5⤵
        
        PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21897.exe
        5⤵
        
        PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
        5⤵
        
        PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
        5⤵
        
        PID:8448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 224
        5⤵
        
        PID:8308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
      4⤵
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
      4⤵
      PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55734.exe
      4⤵
      PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44696.exe
      4⤵
      PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54034.exe
      4⤵
      PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35863.exe
      4⤵
      PID:8260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54007.exe
      4⤵
      PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28593.exe
      4⤵
      PID:6728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41709.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
        6⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3112.exe
        7⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59313.exe
        7⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
        7⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60791.exe
        7⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        6⤵
        
        PID:4016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 244
        6⤵
        Program crash
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        5⤵
        
        PID:484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18883.exe
        6⤵
        
        PID:4188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 236
        6⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
        5⤵
        
        PID:4548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55204.exe
        5⤵
        
        PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
        5⤵
        
        PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        5⤵
        
        PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36998.exe
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
        5⤵
        
        PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
        5⤵
        
        PID:9164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        5⤵
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25276.exe
        6⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15711.exe
        6⤵
        
        PID:4892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 224
        6⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
        5⤵
        
        PID:5116
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 248
        5⤵
        
        PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45985.exe
      4⤵
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        5⤵
        
        PID:3124
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 248
        5⤵
        Program crash
        
        PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41155.exe
      4⤵
      PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6802.exe
      4⤵
      PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19042.exe
      4⤵
      PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35226.exe
      4⤵
      PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
      4⤵
      PID:7924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60171.exe
      4⤵
      PID:8352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25030.exe
      4⤵
      PID:8780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62098.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60008.exe
        5⤵
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
        6⤵
        
        PID:3756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 216
        6⤵
        Program crash
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14973.exe
        5⤵
        
        PID:5064
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 228
        5⤵
        Program crash
        
        PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
      4⤵
      PID:944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 244
        5⤵
        Program crash
        
        PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14402.exe
      4⤵
      PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16562.exe
      4⤵
      PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
      4⤵
      PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45788.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
      4⤵
      PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50537.exe
      4⤵
      PID:8020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
      4⤵
      PID:8768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39458.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
      4⤵
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        5⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        5⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
        5⤵
        
        PID:6344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 228
        5⤵
        
        PID:7556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
      4⤵
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29228.exe
      4⤵
      PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
      4⤵
      PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44701.exe
      4⤵
      PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63259.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6580
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 224
      4⤵
      PID:7176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27004.exe
    3⤵
    PID:532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24700.exe
      4⤵
      PID:3136
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 236
      4⤵
      Program crash
      PID:4848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
    3⤵
    PID:3828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7332.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
    3⤵
    PID:5228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8360.exe
    3⤵
    PID:6276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
    3⤵
    PID:7940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54998.exe
    3⤵
    PID:7308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe
    3⤵
    PID:8372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22230.exe
    3⤵
    PID:6744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2588
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 244
        6⤵
        Program crash
        
        PID:2960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 236
        5⤵
        Program crash
        
        PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10231.exe
        5⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        6⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59233.exe
        7⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe
        7⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60275.exe
        7⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20807.exe
        6⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57864.exe
        6⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13153.exe
        6⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
        6⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4987.exe
        6⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11357.exe
        6⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57195.exe
        6⤵
        
        PID:8988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
        5⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        6⤵
        
        PID:8068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46244.exe
        6⤵
        
        PID:9100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 224
        6⤵
        
        PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16068.exe
        5⤵
        
        PID:4360
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
        5⤵
        Program crash
        
        PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34827.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17627.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27407.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22694.exe
        6⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
        5⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        5⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        5⤵
        
        PID:7000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
        5⤵
        
        PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        5⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
        5⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30553.exe
        5⤵
        
        PID:8524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
      4⤵
      PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8242.exe
        5⤵
        
        PID:9056
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
      4⤵
      Program crash
      PID:4508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21249.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42136.exe
        5⤵
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
        6⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31740.exe
        7⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        7⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41142.exe
        7⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
        7⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36375.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57625.exe
        6⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
        6⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35054.exe
        6⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        6⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        6⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4793.exe
        6⤵
        
        PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        5⤵
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1589.exe
        6⤵
        
        PID:8016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 228
        6⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26566.exe
        5⤵
        
        PID:3944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
        5⤵
        Program crash
        
        PID:5432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
      4⤵
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
        5⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13924.exe
        6⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16804.exe
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
        6⤵
        
        PID:9092
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 228
        5⤵
        Program crash
        
        PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8289.exe
      4⤵
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12601.exe
        5⤵
        
        PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
        5⤵
        
        PID:9080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 224
        5⤵
        
        PID:8620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21933.exe
      4⤵
      PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16169.exe
      4⤵
      PID:5616
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 248
      4⤵
      PID:6900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47791.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47791.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
      4⤵
      PID:2556
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 220
        5⤵
        Program crash
        
        PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54677.exe
        5⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
        5⤵
        
        PID:9108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
        5⤵
        
        PID:8584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59623.exe
      4⤵
      PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63729.exe
      4⤵
      PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59935.exe
      4⤵
      PID:6516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22052.exe
      4⤵
      PID:7912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
      4⤵
      PID:8900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34455.exe
      4⤵
      PID:9196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17558.exe
    3⤵
    PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46900.exe
      4⤵
      PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34257.exe
        5⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64163.exe
        5⤵
        
        PID:8896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
        5⤵
        
        PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
      4⤵
      PID:4756
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 244
      4⤵
      Program crash
      PID:5564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
    3⤵
    PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55528.exe
      4⤵
      PID:7172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26119.exe
      4⤵
      PID:8908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44947.exe
    3⤵
    PID:4828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8339.exe
    3⤵
    PID:5764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49024.exe
    3⤵
    PID:6908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64924.exe
    3⤵
    PID:7720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
    3⤵
    PID:8848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1864
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 224
      4⤵
      Program crash
      PID:640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2080
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
      4⤵
      Program crash
      PID:2052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
    3⤵
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9951.exe
      4⤵
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe
        5⤵
        
        PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56384.exe
        5⤵
        
        PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19543.exe
        5⤵
        
        PID:8868
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 248
      4⤵
      Program crash
      PID:4300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15524.exe
    3⤵
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
      4⤵
      PID:7868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17847.exe
      4⤵
      PID:8740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28069.exe
      4⤵
      PID:8600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31742.exe
    3⤵
    PID:4268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
    3⤵
    PID:5352
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 244
    3⤵
    PID:6884
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64752.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64752.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36407.exe
      4⤵
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
        5⤵
        
        PID:1912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 244
        6⤵
        Program crash
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
        5⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22747.exe
        6⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
        6⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57869.exe
        5⤵
        
        PID:4104
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 248
        5⤵
        
        PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
      4⤵
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31829.exe
        5⤵
        
        PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58004.exe
        5⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        5⤵
        
        PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14833.exe
        5⤵
        
        PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41463.exe
        5⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        5⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
        5⤵
        
        PID:9256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
      4⤵
      PID:3244
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 236
      4⤵
      Program crash
      PID:4684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11087.exe
    3⤵
    PID:2908
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 224
      4⤵
      Program crash
      PID:1604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
    3⤵
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30263.exe
      4⤵
      PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32363.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62499.exe
      4⤵
      PID:4644
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 224
      4⤵
      PID:5476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
    3⤵
    PID:4080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7897.exe
    3⤵
    PID:4580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14299.exe
    3⤵
    PID:5628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40296.exe
    3⤵
    PID:6304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
    3⤵
    PID:7528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
    3⤵
    PID:8116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6647.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40935.exe
    3⤵
    PID:8588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44791.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44791.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1264
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 244
    3⤵
    - Program crash
    PID:1156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37820.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37820.exe
  2⤵
  PID:568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62852.exe
    3⤵
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31654.exe
      4⤵
      PID:6756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
      4⤵
      PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
      4⤵
      PID:7920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
      4⤵
      PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
      4⤵
      PID:8300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
      4⤵
      PID:9220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe
    3⤵
    PID:5176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6520
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 244
    3⤵
    PID:6636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26699.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26699.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26530.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26530.exe
    3⤵
    PID:7416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-857.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54442.exe
    3⤵
    PID:8420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
    3⤵
    PID:5100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16891.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16891.exe
  2⤵
  PID:3224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20437.exe
  2⤵
  PID:5164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
  2⤵
  PID:6508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13961.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13961.exe
  2⤵
  PID:6828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56287.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56287.exe
  2⤵
  PID:7584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62936.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62936.exe
  2⤵
  PID:8396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3605.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3605.exe
  2⤵
  PID:8244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64464.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64464.exe
  2⤵
  PID:7064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10646.exe

Filesize
468KB

MD5
ed4eafdac6af16603d6e6c4307e92367

SHA1
23374ef3e0ec3cfd8ab5543d5b708f5ddb276d32

SHA256
2c96b6c71f66f2532ffb86c2730be8e17d9c0d9cfec2499bfbf6e77705013b66

SHA512
5932a61269ffd64a2bd1dd73a0efc300cc8acee79c29b17d885451521deaab0377c2fc161c133c83cc0b9e66cee76663e06077c6a69128a1700b0f43b96e1189

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe

Filesize
468KB

MD5
c5e3d54e867381e67eff2c06a0d9da15

SHA1
cfb5f0328da9b0d273833e12867178ed538de7f1

SHA256
d557ddd5e76fa3585c46ef0b944475f9ce0a5a2b6db2ad5613c5bf438c64c8b5

SHA512
de70aba6f37815cf709ddfe04388d7e5eeed5020eacef5d025bfb8dda8b748518fef0d33e6f5ac6a557bf49989bbac50e6265ff0f2a6e504dd69a6dda48605d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe

Filesize
468KB

MD5
35bf6a251c710ebd3141e5427a669fe9

SHA1
e10c676230e6c6c21a30da9482b9dbfe98c408ac

SHA256
26883e6fce0767f9a5f2a7d226674242efcc87988c9cc3bf0fd6a820184071c9

SHA512
cfe2bc93e62403691e7e09cec84e8febf7e3f41dd0b7cd0687df31c11405bae77e2e57cb02815d55b688ede1361aa56ca00c4888f27587498b86dbaf02963da9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22681.exe

Filesize
468KB

MD5
16be4f6b26adadd6a8095a5da18020ce

SHA1
9a02936aa1aef7d6b7b28358b5576a5545aad410

SHA256
93aed1f4b149b4b145e442c75734c9e20068cc1f7f7506494b98c1e880f51326

SHA512
49fa2a78dac9b2350a3fe28470f5d6cbe28e37eb4632d51806f4d16503936d1e9f523cf5c99b1399bf37d99190af1849d36ff358e01d4acf3b13454a4249d72b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24340.exe

Filesize
468KB

MD5
162c4a1b40e5fcb38bd65eebfb3b9e23

SHA1
ce00f8d42e5102d16f5c87d68cec09e7f372a8bf

SHA256
43aa9fbc75dad572975dba1bbe8d1b8d5e9bd7c66514ca6b9e6ad977f38585b0

SHA512
3efe362310a993c6914814517b237fcabac1c9b660e751147e755db8fd59f87dc4bc1a91feff339c237a22fea54516cc23499199870ecdd14295962749852bdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe

Filesize
468KB

MD5
f6183bd700cbee15bac7dfdded986414

SHA1
cec28f77eb150fe560161777b79bf8ec577cdc11

SHA256
d55011c32424f3b9e1eb7b668af10c9ca4f8fb97cb0638d9a7ff8611966b36f0

SHA512
3b524910a7e7a89929b971e99f0415c0afcd7003a5a0cd24c914efaf179dfd582bee325c9228404d17d27cfa3ddae8c416ad2a42b8349f8233aefb7906415130

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37820.exe

Filesize
468KB

MD5
3fc535f47f1d4b8172e00cf6f151301d

SHA1
7c97286f1cd8e1cbf8f3d8d404aea798e38460c4

SHA256
7540f20c74634967f71d4627e91cfa9d9b343c137a4de1272e3ab9c531db25dc

SHA512
7ec0afbd7b520c086d4befaadf6157118934f565f72add0fb7be93913dc21a17316b20552186312a8ec384d4816cc5c999953361e3152dc00e9038b627d49db9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe

Filesize
468KB

MD5
2dc99d0a43321aa1229076418bfc7770

SHA1
585c65bacf15622116a0ac63981e4994be1f7de3

SHA256
7a5cf6de582c8c813ddc55193eb78b163850b007994f6979b0eb3551a4be2246

SHA512
3a329c5f42f67a700819a9d79585b3db60819ad9fec42f5b10370839831924692648850b976c6d729305b6d2a4aa29cb351dca9bb77b3687668b2707a05ca17f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41709.exe

Filesize
468KB

MD5
c66c20ebe17f8c5c1fbc29419d214df4

SHA1
37bb55d14162e6660c8016e7252962d35577fcf7

SHA256
f2401ef1f6cd411a35ffa2fe6edbf5b5e1d285d4d17b7066d0927ad568685d53

SHA512
7bab5cd9b30e5b18121b32f4a14d3600e079bfb8f5d1c54807ff4dae14b3d1af37dbeaad8601d59e49dc03afaeb171bbb6cf1251dd733f74b1dbe3bb3a7cffd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51361.exe

Filesize
468KB

MD5
569a18f2599ce25bddfa460e6b3e3f0d

SHA1
1cc198fb5c1865b077e34048b39b148c964ba5b9

SHA256
8b736a843adf055f02a29399e9809dd4d3bb8ea96bc71ed40e673d0380632a72

SHA512
6a8d886c7a832c7afa5a46f1f453acd7fba0ddd0d5124a61343776b59fcc9e26cf3793c5e9ed4ad9831ad625c57dea4406fb8d338cffd3f2cb3f5aefdd4a4fc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53900.exe

Filesize
468KB

MD5
a90b202ec7e710d8dad983140b369970

SHA1
d361c880904524f7bf28c4bd4790562a17887236

SHA256
300402619c92be31186bd8eb19733c0d3033ce6997dfaf8171a4a2e42e2030f9

SHA512
e096e28dd44a9a425d9e376ed7156dc874d074b1d6a42b969a72ce815f83e3b6e65ea44423a2ccc2c995dd747822fdffd2d5979ca6b5e736078598c995e2c55d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59233.exe

Filesize
468KB

MD5
1cdd0ff763f9190069f4fd9d1a21b4b2

SHA1
44b6ef522fc148ab3ebca9e95d27a58882a4de70

SHA256
f01539733eb44df31bbd16cc71f75b9e5a2cea146f66a35b68356935bf636d28

SHA512
830262a7f1332b765d306019a70f0b89bccd72b89c796e866ad61176a102225f18bfaac14f1e6fe0d5980db61fd9dc835a2c0a5729b79fa04afc16cefb71bfdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62852.exe

Filesize
468KB

MD5
2994f3f709ca2f3272a56f4db0d8e27e

SHA1
5988e3d42ff391f2b943679ec6011603d5573a5b

SHA256
1eb5bafb1c5c256ea42a440bcadb77300f366b8dbfe38837b7e13c0aa1e50242

SHA512
4dfdfe605f42d5c6fd17728c03c193fd9a751ba058849d470a49722ccb0da06427bc03fe30855b24df36167456b661964df98582f4c9505f257ce98b48b0393b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64924.exe

Filesize
468KB

MD5
c5a2bcf76b7fec6e75c3b23f269e2f77

SHA1
5d84069d46867a2851740ddec4b74331dfa4b644

SHA256
d5325de7065a55131449976d3578a0c8b327645108e713f3c7ecc36ee0d2e4dc

SHA512
4303598b4786e8eea075a56ca98460bf959243b474317c8e9934ef923eb5f653467f51dee4b1eaa6ebf0c18b62ff34d60dab1ace3a326e7c82a7d9daf3da39c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14730.exe

Filesize
468KB

MD5
742451e6ef0a6d77cdb768344454f655

SHA1
bfbde98344a471ae8a8d42d2b2973aa7fab29722

SHA256
c96bad596b01b9389cb68f808f0d54267f3c579a678e950f7710e64785617ae6

SHA512
a6855797ee8e30ef07508e50bcef1b96b26f6b7e354aaca096e30a62d2df2d6274c33c73737090c46a5de8f7a583c0062d3b1a52c85a5a7a01cfd21455708b98

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16520.exe

Filesize
468KB

MD5
b99ac80f5db1845c82b3059b9be0928e

SHA1
9a569518e74e31eb50e7b60a3620de7ec9541348

SHA256
6d87fe7d5732779bf179a49929afbca8e1bc7de87b9f0f4f15efe5c0518f09f4

SHA512
e964c22655b70a3dc27b7a9e001eaf57aec9acd275b4587f913b4c700f602c9ffda037f93a4350a1068ce661577662d68d561e9c334e66ad232b489c52b4f22b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe

Filesize
468KB

MD5
d2f34b5e7ecc8bdedb3a97ebe95e493f

SHA1
20258ecb3aeffb584391e639ab61bbd230190bd1

SHA256
02601e545d9dd3d54d83a87c5a8d9e9bb28bfa77aa569f77566f97c72ff92692

SHA512
0606e9c8742ed16de7941fc9724fca3cc09b2be1bd868130c65ccdd6f4aeb1f6b949a677bdd561adc457a599436297fecb1dc74b1b7fb46408aeb185493bced6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe

Filesize
468KB

MD5
b2800ae3e70e1bf9d85eadba390876a1

SHA1
6adae8b4d641867211f8f5ca46fc72d1a4e9707e

SHA256
91c3fb64e8c5ea900aeddb9d9667b14edf7e7faed9e8fdeadbf802b0a24771bc

SHA512
11fe2a718d5c0704ad871b9ec8786b69452501681a6254f6681a0121e4f3a1c83d9902c0c4db2adf77feca885e9fad22ed2d8cae7e755d76a08d2444baf3ecf9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe

Filesize
468KB

MD5
241283c9ce29ee2b04a0e12f37e7ce4e

SHA1
70cf6f1215b74ecef4beb438bbc091f0929d089a

SHA256
594cf2fa82916eace13e823f570c616a9f574e8a33bcc01bf643c668a1f55b1b

SHA512
c042bd0e2eec2d35ffbd8e3cf83df74d47c86e356510afc22d1fb6eb077a07dbde64521cbd46feaa53d58df2d4b121488bdbec127987d145c3601761e5c40c25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37118.exe

Filesize
468KB

MD5
c12b665a906374dc669b4bc16f801245

SHA1
2b3725d449a827d3395cd158bb801c2a6c6d2c2c

SHA256
ea0412544742cf2b0563d5d24b32f82ed76691550abe716a535a003b769f8abb

SHA512
0b4b8b4bf0d3da0ca11e9f0050961acb3b9940e2a32e4700ab71bfb718697d0fcce3fac77869dbfaf5646ead2ad11917f1b4359baea591d54767c118c5d716e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe

Filesize
468KB

MD5
2fb0832de624c8176a0a5c070ce72542

SHA1
77769c3b50da3f87a248e8cc05921a7b7c6de4e0

SHA256
4467967ee594cb753bdb0024a9b66ddfe5921b0f4f523ab586e4c2a0ea804b58

SHA512
50dd3c26e2515c08b387f0c8044b501040de89125c4ebd6bf77e3b401156aa67cb45512e2c368d55cfcc3908be4a0e91586480e4fbb70b7618435b09a03b0e86

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48067.exe

Filesize
468KB

MD5
0b4b843b9e824755049087f3c941170c

SHA1
f2c6156c151979a87229c9e0cd742645d6b44e9b

SHA256
276b6a41965ff9755c20b19d5593d900362eda75f6b742466977e6d2fdf733d7

SHA512
cd4af37cf1e8e88ee77cfac5c26e6cec1c54049454cd13a75fb7a373470ed178f0cfba9ca56e304076a742ee5bd746689b71f6155d74b5a597705c3119057d96

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54777.exe

Filesize
468KB

MD5
abed1adb8506f41d81595fa445a5fed2

SHA1
136c658e19b045cd7bd94cbd3bc185496ccf089d

SHA256
166a539b7a1289c2aec94bba9f2c303d48501a5019fe61e90c478bb5ca375eb8

SHA512
2fa862a3f71877906cccfe82ab9d367ef75b0fa079384b0615eeebf7cc6a24dd453e4ffed64dd2802ca076f2a032a17b55f2983133caa38952c15ad6648bdc18

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe

Filesize
468KB

MD5
b088fae98047fb83bf0ff31638a13aad

SHA1
b1815483496a9abca5fbb08945aa8aa620d04257

SHA256
b123afdf8771acfbd6e5c5f51a21636a00bc50830eb2819413f1a286c5a8f6ad

SHA512
96b578e4cafcc47062968760d66ec0c8cc75b3fbc594b495c7c3b3b311e7fcaa682454f6c7dbf3e8fab3abd1eb3a8b1e24dce518d97bd1d6bb64baa4d8d42c12

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe

Filesize
468KB

MD5
78e199e14e00f11d9fad9346ac0b53a0

SHA1
d5c6b7075e836babd0f9eea734d8e7788c65236a

SHA256
b7663b230f072a7796a8030c2ddf168a31f354da970858271c426b1e0e946ff6

SHA512
a29aa213384bb213f2d54606cbd65909f018d2d48bb8f13558181e27656bf1651f159dfd603ed9fa803387e78bfa4f8da7142d99202ba65e463fdeadb9f2b9c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe

Filesize
468KB

MD5
09825dcd9fb07d6da71219a579a7230c

SHA1
5260ff3c1fac1552830fb0d14c86df4a7183b8a2

SHA256
0d67ec62f87e43f66b5d176887035fe840ae080dcb482b0da7ad86e03c2b33c6

SHA512
5f99d83dda928ab3fb727f7aff735bd22b4508b13412dad79f793453464170f5f97e3ceddb2be70c593662638a54dac406ac988fa77013ca4b70c62c98c9f50c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe

Filesize
468KB

MD5
cfc4e007965d49ca99c38f90a03bbea1

SHA1
c71dbd9abed00ed32f014ecd29e1819400ce1351

SHA256
5f7db6d26d08d5077b30fddca39a45b769b8f143a67db94ed3f737fa7a2d4166

SHA512
a89341b451d0b21befe02a38b19f753476a47349903687039d606e003721adeca734f5ee2d62e54d3aff66421fc33dffcf1b7e444cb6ec8e3b9f346c1a2a67b1

Download Submit