7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 13:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe
Size

468KB
MD5

ff58d40a2504bde9674bd0e2745cf820
SHA1

3a842528b19f1085026512b751923349e506f078
SHA256

7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3
SHA512

7c35ec970a7002dcb6d8f1e8c2a3e3916d9815ec7e077d1d8ce2ba188bfa5c2e2ccf2cf5be8aa7c177bd59599afe55b3005b734b6ef0e939a98a2ecf58ebffef
SSDEEP

3072:Xrz7ogKxjz8UFbYWPz3yqf8/Eptj7PpgPmHx+lO0Eln0AFo1Sblk:XrfotAUF1PDyqf/BtuEl04o1S

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2504	Unicorn-3186.exe
3044	Unicorn-43472.exe
2160	Unicorn-19522.exe
2660	Unicorn-63866.exe
2808	Unicorn-31194.exe
2564	Unicorn-11328.exe
2704	Unicorn-16895.exe
3000	Unicorn-38651.exe
2760	Unicorn-13762.exe
1380	Unicorn-59434.exe
1712	Unicorn-64862.exe
2364	Unicorn-19191.exe
1784	Unicorn-11022.exe
2020	Unicorn-8976.exe
3012	Unicorn-2589.exe
2520	Unicorn-8931.exe
2912	Unicorn-55947.exe
1876	Unicorn-6191.exe
1020	Unicorn-64800.exe
1184	Unicorn-18937.exe
1384	Unicorn-2600.exe
848	Unicorn-2335.exe
2408	Unicorn-8583.exe
2352	Unicorn-28449.exe
2244	Unicorn-19518.exe
1752	Unicorn-4499.exe
1776	Unicorn-8028.exe
320	Unicorn-55183.exe
3060	Unicorn-16197.exe
2820	Unicorn-38271.exe
2672	Unicorn-31608.exe
2800	Unicorn-51474.exe
2848	Unicorn-26778.exe
2164	Unicorn-10441.exe
1560	Unicorn-61296.exe
1032	Unicorn-64089.exe
2860	Unicorn-14333.exe
1764	Unicorn-40684.exe
804	Unicorn-18226.exe
1860	Unicorn-7872.exe
2968	Unicorn-15101.exe
1988	Unicorn-1895.exe
2728	Unicorn-54250.exe
1636	Unicorn-18225.exe
860	Unicorn-38091.exe
1088	Unicorn-38091.exe
1312	Unicorn-38091.exe
888	Unicorn-17405.exe
2144	Unicorn-61634.exe
1012	Unicorn-51495.exe
2204	Unicorn-6186.exe
904	Unicorn-56.exe
2296	Unicorn-55387.exe
2312	Unicorn-43689.exe
2740	Unicorn-64302.exe
2212	Unicorn-18631.exe
2648	Unicorn-59279.exe
1512	Unicorn-4140.exe
1668	Unicorn-8224.exe
1440	Unicorn-14354.exe
1524	Unicorn-39221.exe
1924	Unicorn-41774.exe
3028	Unicorn-27219.exe
1940	Unicorn-20468.exe

Loads dropped DLL 64 IoCs

pid	Process
2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe
2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe
2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe
2504	Unicorn-3186.exe
2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe
2504	Unicorn-3186.exe
3044	Unicorn-43472.exe
3044	Unicorn-43472.exe
2504	Unicorn-3186.exe
2504	Unicorn-3186.exe
2160	Unicorn-19522.exe
2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe
2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe
2160	Unicorn-19522.exe
2660	Unicorn-63866.exe
2660	Unicorn-63866.exe
3044	Unicorn-43472.exe
2808	Unicorn-31194.exe
2808	Unicorn-31194.exe
3044	Unicorn-43472.exe
2160	Unicorn-19522.exe
2160	Unicorn-19522.exe
2564	Unicorn-11328.exe
2564	Unicorn-11328.exe
2704	Unicorn-16895.exe
2504	Unicorn-3186.exe
2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe
2704	Unicorn-16895.exe
2504	Unicorn-3186.exe
2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe
3000	Unicorn-38651.exe
3000	Unicorn-38651.exe
2660	Unicorn-63866.exe
2660	Unicorn-63866.exe
2760	Unicorn-13762.exe
2760	Unicorn-13762.exe
2808	Unicorn-31194.exe
2808	Unicorn-31194.exe
2020	Unicorn-8976.exe
2020	Unicorn-8976.exe
3012	Unicorn-2589.exe
3012	Unicorn-2589.exe
2504	Unicorn-3186.exe
2504	Unicorn-3186.exe
2704	Unicorn-16895.exe
2704	Unicorn-16895.exe
2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe
2364	Unicorn-19191.exe
2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe
2364	Unicorn-19191.exe
2564	Unicorn-11328.exe
2564	Unicorn-11328.exe
1380	Unicorn-59434.exe
1712	Unicorn-64862.exe
2160	Unicorn-19522.exe
1380	Unicorn-59434.exe
1712	Unicorn-64862.exe
2160	Unicorn-19522.exe
3044	Unicorn-43472.exe
3044	Unicorn-43472.exe
2468	WerFault.exe
2468	WerFault.exe
2468	WerFault.exe
2468	WerFault.exe

Program crash 35 IoCs

pid	pid_target	Process	procid_target
2468	1784	WerFault.exe	43
2112	1752	WerFault.exe	57
2072	3060	WerFault.exe	59
872	2520	WerFault.exe	46
2156	1312	WerFault.exe	76
2984	2648	WerFault.exe	90
1852	2408	WerFault.exe	54
2472	1860	WerFault.exe	71
3340	2968	WerFault.exe	72
3748	860	WerFault.exe	77
3996	1560	WerFault.exe	66
4020	2704	WerFault.exe	37
3988	1924	WerFault.exe	95
3472	2576	WerFault.exe	143
3720	2584	WerFault.exe	109
3280	2564	WerFault.exe	35
4004	2800	WerFault.exe	63
4120	1608	WerFault.exe	150
4252	2996	WerFault.exe	111
4748	1500	WerFault.exe	156
1788	2740	WerFault.exe	88
4756	2372	WerFault.exe	144
952	2592	WerFault.exe	179
5116	1184	WerFault.exe	50
4280	1020	WerFault.exe	49
5376	1684	WerFault.exe	102
6260	1568	WerFault.exe	133
6256	1972	WerFault.exe	168
7188	1964	WerFault.exe	166
7176	924	WerFault.exe	124
6560	2548	WerFault.exe	149
6148	1712	WerFault.exe	41
7248	888	WerFault.exe	79
7212	2724	WerFault.exe	139
7540	2364	WerFault.exe	42

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3927.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52471.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51546.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61634.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe
2504	Unicorn-3186.exe
3044	Unicorn-43472.exe
2160	Unicorn-19522.exe
2660	Unicorn-63866.exe
2808	Unicorn-31194.exe
2564	Unicorn-11328.exe
2704	Unicorn-16895.exe
3000	Unicorn-38651.exe
2760	Unicorn-13762.exe
2020	Unicorn-8976.exe
2364	Unicorn-19191.exe
1380	Unicorn-59434.exe
3012	Unicorn-2589.exe
1784	Unicorn-11022.exe
1712	Unicorn-64862.exe
2520	Unicorn-8931.exe
2912	Unicorn-55947.exe
1876	Unicorn-6191.exe
1020	Unicorn-64800.exe
1184	Unicorn-18937.exe
848	Unicorn-2335.exe
1384	Unicorn-2600.exe
2408	Unicorn-8583.exe
1752	Unicorn-4499.exe
2352	Unicorn-28449.exe
1776	Unicorn-8028.exe
320	Unicorn-55183.exe
3060	Unicorn-16197.exe
2244	Unicorn-19518.exe
2820	Unicorn-38271.exe
2672	Unicorn-31608.exe
2800	Unicorn-51474.exe
2860	Unicorn-14333.exe
1032	Unicorn-64089.exe
1764	Unicorn-40684.exe
1560	Unicorn-61296.exe
2848	Unicorn-26778.exe
2164	Unicorn-10441.exe
804	Unicorn-18226.exe
1860	Unicorn-7872.exe
2968	Unicorn-15101.exe
1988	Unicorn-1895.exe
2728	Unicorn-54250.exe
1636	Unicorn-18225.exe
1312	Unicorn-38091.exe
1088	Unicorn-38091.exe
860	Unicorn-38091.exe
888	Unicorn-17405.exe
2144	Unicorn-61634.exe
904	Unicorn-56.exe
1012	Unicorn-51495.exe
2740	Unicorn-64302.exe
2212	Unicorn-18631.exe
2204	Unicorn-6186.exe
2296	Unicorn-55387.exe
2312	Unicorn-43689.exe
2648	Unicorn-59279.exe
1940	Unicorn-20468.exe
3028	Unicorn-27219.exe
1524	Unicorn-39221.exe
1512	Unicorn-4140.exe
1668	Unicorn-8224.exe
1440	Unicorn-14354.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2504	2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	31
PID 2512 wrote to memory of 2504	2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	31
PID 2512 wrote to memory of 2504	2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	31
PID 2512 wrote to memory of 2504	2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	31
PID 2512 wrote to memory of 2160	2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	33
PID 2512 wrote to memory of 2160	2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	33
PID 2512 wrote to memory of 2160	2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	33
PID 2512 wrote to memory of 2160	2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	33
PID 2504 wrote to memory of 3044	2504	Unicorn-3186.exe	32
PID 2504 wrote to memory of 3044	2504	Unicorn-3186.exe	32
PID 2504 wrote to memory of 3044	2504	Unicorn-3186.exe	32
PID 2504 wrote to memory of 3044	2504	Unicorn-3186.exe	32
PID 3044 wrote to memory of 2660	3044	Unicorn-43472.exe	34
PID 3044 wrote to memory of 2660	3044	Unicorn-43472.exe	34
PID 3044 wrote to memory of 2660	3044	Unicorn-43472.exe	34
PID 3044 wrote to memory of 2660	3044	Unicorn-43472.exe	34
PID 2504 wrote to memory of 2564	2504	Unicorn-3186.exe	35
PID 2504 wrote to memory of 2564	2504	Unicorn-3186.exe	35
PID 2504 wrote to memory of 2564	2504	Unicorn-3186.exe	35
PID 2504 wrote to memory of 2564	2504	Unicorn-3186.exe	35
PID 2512 wrote to memory of 2704	2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	37
PID 2512 wrote to memory of 2704	2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	37
PID 2512 wrote to memory of 2704	2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	37
PID 2512 wrote to memory of 2704	2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	37
PID 2160 wrote to memory of 2808	2160	Unicorn-19522.exe	36
PID 2160 wrote to memory of 2808	2160	Unicorn-19522.exe	36
PID 2160 wrote to memory of 2808	2160	Unicorn-19522.exe	36
PID 2160 wrote to memory of 2808	2160	Unicorn-19522.exe	36
PID 2660 wrote to memory of 3000	2660	Unicorn-63866.exe	38
PID 2660 wrote to memory of 3000	2660	Unicorn-63866.exe	38
PID 2660 wrote to memory of 3000	2660	Unicorn-63866.exe	38
PID 2660 wrote to memory of 3000	2660	Unicorn-63866.exe	38
PID 2808 wrote to memory of 2760	2808	Unicorn-31194.exe	40
PID 2808 wrote to memory of 2760	2808	Unicorn-31194.exe	40
PID 2808 wrote to memory of 2760	2808	Unicorn-31194.exe	40
PID 2808 wrote to memory of 2760	2808	Unicorn-31194.exe	40
PID 3044 wrote to memory of 1380	3044	Unicorn-43472.exe	39
PID 3044 wrote to memory of 1380	3044	Unicorn-43472.exe	39
PID 3044 wrote to memory of 1380	3044	Unicorn-43472.exe	39
PID 3044 wrote to memory of 1380	3044	Unicorn-43472.exe	39
PID 2160 wrote to memory of 1712	2160	Unicorn-19522.exe	41
PID 2160 wrote to memory of 1712	2160	Unicorn-19522.exe	41
PID 2160 wrote to memory of 1712	2160	Unicorn-19522.exe	41
PID 2160 wrote to memory of 1712	2160	Unicorn-19522.exe	41
PID 2564 wrote to memory of 2364	2564	Unicorn-11328.exe	42
PID 2564 wrote to memory of 2364	2564	Unicorn-11328.exe	42
PID 2564 wrote to memory of 2364	2564	Unicorn-11328.exe	42
PID 2564 wrote to memory of 2364	2564	Unicorn-11328.exe	42
PID 2704 wrote to memory of 1784	2704	Unicorn-16895.exe	43
PID 2704 wrote to memory of 1784	2704	Unicorn-16895.exe	43
PID 2704 wrote to memory of 1784	2704	Unicorn-16895.exe	43
PID 2704 wrote to memory of 1784	2704	Unicorn-16895.exe	43
PID 2504 wrote to memory of 2020	2504	Unicorn-3186.exe	44
PID 2504 wrote to memory of 2020	2504	Unicorn-3186.exe	44
PID 2504 wrote to memory of 2020	2504	Unicorn-3186.exe	44
PID 2504 wrote to memory of 2020	2504	Unicorn-3186.exe	44
PID 2512 wrote to memory of 3012	2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	45
PID 2512 wrote to memory of 3012	2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	45
PID 2512 wrote to memory of 3012	2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	45
PID 2512 wrote to memory of 3012	2512	7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe	45
PID 3000 wrote to memory of 2520	3000	Unicorn-38651.exe	46
PID 3000 wrote to memory of 2520	3000	Unicorn-38651.exe	46
PID 3000 wrote to memory of 2520	3000	Unicorn-38651.exe	46
PID 3000 wrote to memory of 2520	3000	Unicorn-38651.exe	46

C:\Users\Admin\AppData\Local\Temp\7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe
"C:\Users\Admin\AppData\Local\Temp\7447e27a6479b5a4c88b3120a6aa18930c3cc0b399000d22a3a5fddd18d663c3N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3186.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3186.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43472.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63866.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51474.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16384.exe
        8⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        9⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
        10⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20912.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18516.exe
        9⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        9⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
        9⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        9⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55776.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        9⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 220
        8⤵
        Program crash
        
        PID:4004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
        7⤵
        Program crash
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31608.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
        8⤵
        Program crash
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39060.exe
        7⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19934.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        8⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe
        8⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        8⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
        7⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50263.exe
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        7⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9199.exe
        7⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41774.exe
        6⤵
        Executes dropped EXE
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        7⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        8⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        8⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        8⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        8⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 236
        7⤵
        Program crash
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        6⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19441.exe
        7⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        7⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        7⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23836.exe
        6⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25062.exe
        6⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
        6⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4734.exe
        6⤵
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26778.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
        7⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
        8⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61194.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
        8⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        8⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50051.exe
        8⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
        8⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        7⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57654.exe
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        7⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32890.exe
        6⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10312.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63962.exe
        8⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        8⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25095.exe
        7⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        7⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25921.exe
        7⤵
        
        PID:6552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
        6⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        6⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        6⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13820.exe
        6⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61296.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64297.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58361.exe
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        8⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        8⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        8⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35947.exe
        7⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20882.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39060.exe
        6⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        7⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        7⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        7⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        7⤵
        
        PID:7368
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
        6⤵
        Program crash
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65127.exe
        5⤵
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        6⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30134.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
        7⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6443.exe
        7⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18516.exe
        6⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        6⤵
        
        PID:4516
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 216
        6⤵
        Program crash
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25486.exe
        5⤵
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
        6⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64763.exe
        6⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3892.exe
        5⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36461.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59434.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38091.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22004.exe
        7⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39072.exe
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
        8⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63005.exe
        7⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
        7⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54020.exe
        7⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        7⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        7⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59123.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        7⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        7⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        7⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        7⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        6⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6534.exe
        6⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
        6⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
        6⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21988.exe
        6⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18225.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6160.exe
        6⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        7⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        7⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        7⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        7⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32745.exe
        6⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
        6⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43050.exe
        6⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        6⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
        6⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62827.exe
        5⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41319.exe
        6⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43350.exe
        6⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        6⤵
        
        PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
        5⤵
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        5⤵
        
        PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17849.exe
        5⤵
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
        5⤵
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24770.exe
        5⤵
        
        PID:7904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14354.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
        6⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35751.exe
        7⤵
        
        PID:3696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
        7⤵
        Program crash
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16077.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        6⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21010.exe
        6⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        6⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11043.exe
        5⤵
        
        PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9392.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        5⤵
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49294.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        5⤵
        
        PID:7632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2289.exe
        5⤵
        
        PID:2576
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
        6⤵
        Program crash
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        5⤵
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25095.exe
        5⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        5⤵
        
        PID:6856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58896.exe
      4⤵
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61682.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64379.exe
        6⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59447.exe
        5⤵
        
        PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12458.exe
        5⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        5⤵
        
        PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36216.exe
      4⤵
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
      4⤵
      PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35646.exe
      4⤵
      PID:5144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51546.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60776.exe
      4⤵
      PID:2480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11328.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54250.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45932.exe
        6⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38906.exe
        7⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52471.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9151.exe
        7⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        7⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        7⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13996.exe
        6⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19288.exe
        6⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65312.exe
        6⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21198.exe
        6⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        5⤵
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
        6⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
        6⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27013.exe
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
        6⤵
        
        PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        5⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        6⤵
        
        PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
        5⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28819.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
        5⤵
        
        PID:6928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 236
        5⤵
        Program crash
        
        PID:7540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4499.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1752
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 220
        5⤵
        Program crash
        
        PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4375.exe
        5⤵
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59080.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        6⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16090.exe
        6⤵
        
        PID:7384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        5⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21010.exe
        5⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        5⤵
        
        PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
      4⤵
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58245.exe
        5⤵
        
        PID:7820
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
      4⤵
      Program crash
      PID:3280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18937.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18226.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7146.exe
        6⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2336.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        8⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        8⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12901.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe
        7⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49215.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17566.exe
        7⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47961.exe
        6⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        7⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        7⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        7⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        7⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46730.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        6⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        6⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        6⤵
        
        PID:7296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49611.exe
        5⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
        6⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61194.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        6⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
        6⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        6⤵
        
        PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4358.exe
        5⤵
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        6⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        6⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16090.exe
        6⤵
        
        PID:7328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51822.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        5⤵
        
        PID:908
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 236
        5⤵
        Program crash
        
        PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exe
        5⤵
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2289.exe
        6⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
        7⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        7⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        7⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        7⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        6⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        6⤵
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57575.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        6⤵
        
        PID:7640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
        5⤵
        Program crash
        
        PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50902.exe
      4⤵
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
        5⤵
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41499.exe
        6⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20144.exe
        6⤵
        
        PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        5⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        5⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5359.exe
        5⤵
        
        PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        5⤵
        
        PID:7568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
      4⤵
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
        5⤵
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16273.exe
        5⤵
        
        PID:7720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8071.exe
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52364.exe
      4⤵
      PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4323.exe
      4⤵
      PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57826.exe
      4⤵
      PID:7552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15101.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        5⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54282.exe
        6⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
        7⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51163.exe
        6⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9151.exe
        6⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        6⤵
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        6⤵
        
        PID:7608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
        5⤵
        Program crash
        
        PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21982.exe
      4⤵
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
        5⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41307.exe
        6⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44514.exe
        6⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        5⤵
        
        PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
      4⤵
      PID:496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9336.exe
      4⤵
      PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
      4⤵
      PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
      4⤵
      PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13820.exe
      4⤵
      PID:7312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1895.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48672.exe
      4⤵
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5081.exe
        5⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
        6⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        6⤵
        
        PID:7692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 216
        5⤵
        Program crash
        
        PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
      4⤵
      PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12398.exe
        5⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        5⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63962.exe
        5⤵
        
        PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        5⤵
        
        PID:7504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18328.exe
      4⤵
      PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65312.exe
      4⤵
      PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61162.exe
      4⤵
      PID:6572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
      4⤵
      PID:7672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49054.exe
    3⤵
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
      4⤵
      PID:820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61194.exe
      4⤵
      PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
      4⤵
      PID:960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
      4⤵
      PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
      4⤵
      PID:7224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2088.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26240.exe
    3⤵
    PID:3712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42563.exe
    3⤵
    PID:4728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
    3⤵
    PID:5852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
    3⤵
    PID:7256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19522.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19522.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31194.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13762.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6191.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65392.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        9⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
        9⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        9⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16404.exe
        8⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5359.exe
        8⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53939.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
        8⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5635.exe
        7⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        7⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
        7⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        7⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12854.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47287.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7730.exe
        8⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16404.exe
        7⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        7⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
        7⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        7⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31109.exe
        6⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
        7⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 216
        7⤵
        Program crash
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
        6⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        6⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40926.exe
        6⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17904.exe
        6⤵
        
        PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18631.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2289.exe
        7⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19441.exe
        8⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 216
        8⤵
        Program crash
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        7⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
        7⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        7⤵
        
        PID:7912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23072.exe
        6⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63789.exe
        7⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        7⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        7⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        7⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46730.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        6⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
        6⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        6⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8224.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        6⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
        7⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
        7⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18516.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        6⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        6⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        6⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63124.exe
        5⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
        6⤵
        
        PID:5620
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
        6⤵
        Program crash
        
        PID:6256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
        5⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52364.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29404.exe
        5⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61911.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64800.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55387.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51106.exe
        7⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9928.exe
        8⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        9⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        9⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35566.exe
        9⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        9⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65278.exe
        8⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        8⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        8⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        7⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
        7⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        7⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34229.exe
        6⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8833.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
        7⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
        7⤵
        Program crash
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47415.exe
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        6⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        6⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-839.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64302.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2289.exe
        6⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51537.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        7⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        7⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        7⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        6⤵
        
        PID:3308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        6⤵
        Program crash
        
        PID:1788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
        6⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        6⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 216
        6⤵
        Program crash
        
        PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
        5⤵
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        5⤵
        
        PID:1728
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 236
        5⤵
        Program crash
        
        PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3747.exe
        5⤵
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
        6⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31058.exe
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        7⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57437.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        6⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-206.exe
        6⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        6⤵
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54707.exe
        5⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        6⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
        6⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1378.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7096
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
        6⤵
        Program crash
        
        PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32251.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        5⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
        5⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        5⤵
        
        PID:7656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52491.exe
      4⤵
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31812.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2863.exe
        6⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4534.exe
        6⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16090.exe
        6⤵
        
        PID:7648
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        5⤵
        Program crash
        
        PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11205.exe
      4⤵
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
        5⤵
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16828.exe
        5⤵
        
        PID:7976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57073.exe
      4⤵
      PID:3260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3892.exe
      4⤵
      PID:4628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36653.exe
      4⤵
      PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
      4⤵
      PID:6860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16197.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3060
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
        5⤵
        Program crash
        
        PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39221.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
        5⤵
        
        PID:792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-892.exe
        6⤵
        
        PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        5⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
        5⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        5⤵
        
        PID:7288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-850.exe
      4⤵
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55635.exe
        5⤵
        
        PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35678.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
      4⤵
      PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
      4⤵
      PID:6156
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
      4⤵
      Program crash
      PID:6148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55183.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38091.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1312
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
        5⤵
        Program crash
        
        PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
      4⤵
      PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50255.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
        5⤵
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43350.exe
        5⤵
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        5⤵
        
        PID:7136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56128.exe
      4⤵
      PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25419.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        5⤵
        
        PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        5⤵
        
        PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        5⤵
        
        PID:7344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
      4⤵
      PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
      4⤵
      PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
      4⤵
      PID:7080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17904.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17405.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe
      4⤵
      PID:408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
        5⤵
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
        5⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        5⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38292.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
      4⤵
      PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
      4⤵
      PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15016.exe
      4⤵
      PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64115.exe
      4⤵
      PID:7120
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 236
      4⤵
      Program crash
      PID:7248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4521.exe
    3⤵
    PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
      4⤵
      PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65031.exe
      4⤵
      PID:6816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
      4⤵
      PID:7576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
    3⤵
    PID:3668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63936.exe
    3⤵
    PID:4376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29611.exe
    3⤵
    PID:6216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
    3⤵
    PID:7956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16895.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16895.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11022.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1784
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51495.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2289.exe
        5⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40546.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        6⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        6⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        6⤵
        
        PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        5⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        5⤵
        
        PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57575.exe
        5⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        5⤵
        
        PID:7528
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
      4⤵
      Program crash
      PID:1852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64297.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        5⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        5⤵
        
        PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        5⤵
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        5⤵
        
        PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
      4⤵
      PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31862.exe
      4⤵
      PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
      4⤵
      PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
    3⤵
    PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
      4⤵
      PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
      4⤵
      PID:4208
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 220
      4⤵
      Program crash
      PID:6260
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
    3⤵
    - Program crash
    PID:4020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2589.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2589.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        5⤵
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5936.exe
        6⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18516.exe
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
        5⤵
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
        5⤵
        
        PID:7440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63752.exe
      4⤵
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36156.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
        5⤵
        
        PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
        5⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        5⤵
        
        PID:8036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56948.exe
      4⤵
      PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
      4⤵
      PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
      4⤵
      PID:5904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43689.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43689.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17889.exe
      4⤵
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54285.exe
        5⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
        5⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16090.exe
        5⤵
        
        PID:7520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
      4⤵
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
      4⤵
      PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
      4⤵
      PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13290.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48707.exe
    3⤵
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
      4⤵
      PID:5688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
      4⤵
      PID:6328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
      4⤵
      PID:8048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46970.exe
    3⤵
    PID:3952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
    3⤵
    PID:4812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
    3⤵
    PID:6172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13820.exe
    3⤵
    PID:6876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19518.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19518.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38091.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38091.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22689.exe
      4⤵
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exe
        5⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
        5⤵
        
        PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42376.exe
        5⤵
        
        PID:6696
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 236
      4⤵
      Program crash
      PID:3748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51832.exe
    3⤵
    PID:924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
      4⤵
      PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
      4⤵
      PID:6460
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 236
      4⤵
      Program crash
      PID:7176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
    3⤵
    PID:3756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
    3⤵
    PID:4528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34384.exe
    3⤵
    PID:5648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39411.exe
    3⤵
    PID:6296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
    3⤵
    PID:7948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61634.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61634.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15694.exe
    3⤵
    PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48714.exe
      4⤵
      PID:4092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
      4⤵
      PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
      4⤵
      PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
      4⤵
      PID:7400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
    3⤵
    PID:3396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
    3⤵
    PID:4496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3927.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53747.exe
    3⤵
    PID:8108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
  2⤵
  PID:1608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25419.exe
    3⤵
    PID:4100
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
    3⤵
    - Program crash
    PID:4120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42563.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42563.exe
  2⤵
  PID:4328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35326.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35326.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37124.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37124.exe
  2⤵
  PID:5716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11328.exe

Filesize
468KB

MD5
73c7ff508186dddbf09fcecf28e9dc33

SHA1
5951a7d1bf3329f597d21ad7f64eeda7d494a7b8

SHA256
6fdac2240c339823c676f5919b612926f5d61499704fdbaf0a5f06ae6fb94395

SHA512
ec6f30ce7cde590d93298c48838e699d85478b329863f960b37c4946efa1c31fabd3d393dbf7ce4e59773dab63c0bc416eea751e32b2805852d57ac06aae93ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13762.exe

Filesize
468KB

MD5
b0c440d60d2061cd0e440a0bf1473135

SHA1
f445ee65acb7275b44e2981ea277245e98c5f7ac

SHA256
610b76b715bee2783081e272d83dadcb85c46194bf91cda8aa57ca4c1cb59e84

SHA512
118eea54e6f3045bd113d539a684689ee43ea0836d08c9f6a4b94da51633206a7d49bfe4add84583890e086c7f532d830df0fc8b9d6fb8b7e25017c899de8ffa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe

Filesize
468KB

MD5
04cb9d9539323c9f54a5136f60c7e708

SHA1
c1fa458d5f75b3483f5bfba2a89bf6bb5cf0a61a

SHA256
e31aabe2f3df8aeaf29f70f0f5d56ff43b72ab7f6d2eda4d1d71705a16b9d9ab

SHA512
294eed89e1a95ba9e7d7a72780bc16e4512c7b4355f2597fe73ce8b52b4fc63410732fe30f3626211e19628c9f75b1028979f21f93192899e9cc996532608772

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe

Filesize
468KB

MD5
138f5c71f8d716388d6317d55443a1c9

SHA1
cf59cd21c555e7fbcde52d3bdb354d764f4d653b

SHA256
8259d15b8e559ca6d7524218aac797176d52acb6b752394b10f3d4076b373e83

SHA512
6f4880d1afc2e3e6a50c3903d22f79bb603cb1de8bbcf24a1e864e703bda071ed7ebd94d4fc6e7eee92c61ece19d12277760f362c97ce6696772e35ee1a426c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe

Filesize
468KB

MD5
4a70a8f2b4b76f6d43524f6a045263d4

SHA1
4f21cd4820e89642aed7e3c4713453cb623c2642

SHA256
b48b13582ed1f1beed073e36a12fde25a5cc60bf58b53b749cadf281545eb670

SHA512
a5a149813f0da83fb50f09f1002dd3eefecf16fa1866fbe938608961ddfaa0f827ef1a0e73ad0c8e53494349408f155be841d361792ff30c8622ba9b8b74695f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43472.exe

Filesize
468KB

MD5
2b5ac027cf3a2960440f3cee1dcddd08

SHA1
6a5738a304bc60743b7d78d9c1dbf38311d45717

SHA256
3a5baa3a0438f6b0fc8b2cf4d3d46279ef904155034439c49a20ff0606903ab0

SHA512
9823297d8e13ee6fc453214c43b5f4b3c01bd6937623654c5e9df9f553fc307314f3df3707ed7f2dca01e4e117864d97f00fd76a1f04b43d4baa3ec768b0ea0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52471.exe

Filesize
468KB

MD5
ba3d65e1cb7454ca2fa1929538d292b9

SHA1
e2a8dce36ead03a036a0b0730f0f0b61382245a2

SHA256
5a68283618e6bbdf2a0a65f247c2545b0b495639632d6eeff6d5db450b36ca20

SHA512
68d847a01e125914796cc4f103a5565fa7330bc0c68aaa315a276a7b8f5b4acab7582a99a6385f29f1024df207d1e523984cd74100d316461ef8b9ae0e85130f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe

Filesize
468KB

MD5
9853a800cdf0ef8e6b5609c9aac75ada

SHA1
e2d10d907400bcf06437954953c0de1d6b498f96

SHA256
e7614a3e6eb979fd29507f2c8b8354a422cee513bc16cfe1632c25755768f208

SHA512
d6742cbf1888b8a8db48db0bfa7d461c0532c82fdca26ee53b78c46666870b76c64fd62e4fce9929a36e13c8c90064a3a3051cca468cc5a842e6a02f3163174f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59434.exe

Filesize
468KB

MD5
7fbb6ca29f452cd3a38425d30e55124e

SHA1
c1aaa9bd2e4bc5a0893165b244b2e02f9f299da7

SHA256
5aa6672cd83fb98d86fd42fb362f9fe220ef1c0378025fdcc5c049766710def5

SHA512
b36876a4c117b54c6e2449d8036a3cfb2ebf5ca8c3b1e617ab111a8b2b6f164af965662021625f57298a898f73f501909df599964d53d3e65a4b1115e74685a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11022.exe

Filesize
468KB

MD5
9468491fca432e8b3356b663a300e8e8

SHA1
687c2a8e062a3ddf46bd8e613f0280424554180c

SHA256
9a56918a99a98a568653295a88ed01c5e5c318479cf11e3a0aac12ac4d496c5e

SHA512
9946c332fc23822aeeeeefdcda5976cccb8c2c4db048d9c057ce49f3d4b2025bde756dcd16c82334190f3789207731a22bf425b7150f5f84f358fde1899bbae9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16895.exe

Filesize
468KB

MD5
4a67c3be780b0d0e640854f03e5c67d5

SHA1
6df0783db97036d2710359fd19bdb6075b9cec15

SHA256
36f24c4f536fc4627ab57ad2505446ae73cd96839b50ffe73754b458f654c5bf

SHA512
e285b57b2380cb4256e36621dfcf6246a56100687b7506957cc47e1057d9894ec2773c3c8d5ceacbde45c19c51b2a38a8d954945660e14accc87027cf7d87b7f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19522.exe

Filesize
468KB

MD5
eba843ab2188a05f8534969805644e30

SHA1
6aad03e884bf56cbdb04c05b14f680c08d9f6d6f

SHA256
480ed38ea8c3b584aeaab161870ecc1d2b6208fe655895fd8d4569d15b2f376b

SHA512
7ffeb05c207023f632e59e127046d8ea42bea162e49a5a17be987af2281af7006784d0f2be6a9274e6a7d7d5c01acaa5a9f92cc33f33d2f0a34a317338ccd36a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2589.exe

Filesize
468KB

MD5
438721d87db8d60f69f8e686ef684d64

SHA1
032fa6922e646b32cdcec3a8bf4b934ac34a6f81

SHA256
d236d76e4cb3f95b19368d95b519489ecdd6d33ed3d8563d9629c7d0cca1642e

SHA512
eba3198a30f0de091b319b8c247840f098efbd0e25cbeed04d13a9b30511b10d2d84dc9dab910a297123835e5ade8e77683547df5594d219c8012a8ebdc5854d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31194.exe

Filesize
468KB

MD5
9d981b4af0559646a9078f96afbd5964

SHA1
b0be88dceea34185ef339f2b86d0b645f0e5123c

SHA256
3dc38cf7455c9e97e4425c13a9671c6fda18d3e40a71f856cc095af728bd4b0e

SHA512
d84f429b192ecbac7f871d686c9ebbe8eb945d15c344b5d34977bd31ee814e4b9e342bc2ddc347f0b852d58bc156cea82e2230a09deb42e72d408dbb02772a96

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3186.exe

Filesize
468KB

MD5
603b1a55380569cc776ba3d3f4938c34

SHA1
297faf1c034d172f41e0337eb552ccdc08ed6f04

SHA256
7264da244d3a8cc4b666b68abd765fb3ce8d7cfd622a7f73db1fe3ef517d5079

SHA512
d72621f265d9e18dddaacfe693f9bde99dc77583fac370e2186498a47bfccc4c5d99bc8c84d4508c41d6fed7bddd663bea9fdc0bafa51ad3066be520a4eac624

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe

Filesize
468KB

MD5
1b07f3f040fc2441b6c70508515b675a

SHA1
27921246b61290f6ecc6fa99932ddfa8075e74d7

SHA256
860bb4b1f75611e5cd1e0083f77b05a451789bccae36abce4f8ae2194709cad8

SHA512
37fffca6e99eb9c071c366822e9a3379837180867cf31e652add05243f9d251934e9219f1f64daf8fdb59f405abbf1fa8a371feb00167425ebf0916dec916c42

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6191.exe

Filesize
468KB

MD5
b5d3b87a19eef81895d97e261a36bf35

SHA1
d612d9ddb2bacd06792e320e022951810026e8c4

SHA256
94aeae980a4393babff4614a8dd8342098f1c569581a6a25cc31a72781133ab7

SHA512
d92487fb21e44405240d53ab687a46f11b2d1a2af208f76358a24d06e0174fcd423f3ce1e95474caf84c972b058f819610b4ab9d2fcf69ac9d770a2817d4c147

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63866.exe

Filesize
468KB

MD5
28c9c60cfbc8cbd6488ca31e9d2cdc2c

SHA1
4b4ebd86c3d258c2e3ee8497d3a66e8c388f4e55

SHA256
e51628d2994b84a9d55555c3be727a262f9f8460fa28f1b43c3ef7c341c1fc0e

SHA512
546b6e9ca69a36bb724a5a2bc1bd0284f2c099d2d2ad611ccb53e37da29d31be28b7cb7e910d59c8643419fbce6ac870362080dad3f98ed760c7cf5737642b34

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64800.exe

Filesize
468KB

MD5
fa8ac6dde015f1c490f9d2d4754439e7

SHA1
d2910ae7a071c6464c7784fc1457de927364b5f1

SHA256
4c0753d58875222e0455b3a215eed7f350dddd25b4ec27e88c14a434d4a0b580

SHA512
e09f56ebee0e47e528e0c7a970300a171fafae5ce646fc702daa197b981671bc70bc64de8b986fbbdbfaa0aa517ba146c3717dcd25cb91731d6d6e4ad2635016

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe

Filesize
468KB

MD5
2c284d1cfddf582cd650e8284fb0e687

SHA1
0ae6fc875de00b2f26bb0e2f3e05e0130e41bbef

SHA256
b42eaab9cdfc781a8812525f3580e25178abe9e05acb1edccbc00ce7e7c6b736

SHA512
53927b4c72c82643f6dc8f9dfac8637bbcc9d0e7e6b46900c8821ac6219775c5cc29c9ba26ed235971ec7212c28bd69dd338b69f2852ea29e0ad3733aca05d12

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe

Filesize
468KB

MD5
61250ddfab6523f750e00d0f81a6ff00

SHA1
97fbf9c5f07aa94f5378a3d1b0bb137e55d96a29

SHA256
2c9068d88417e14a6e44bc401ced2c9ce1e50e381fc6c7be9837be2af60fe0f7

SHA512
4e671e0931acfcbb09727e53d0d2e376e67f35d235e8041e389f11dceaf1cad9c58f118796eb13b472067146892412daed749bd87d55d8d817b6ff439f7d3249

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe

Filesize
468KB

MD5
4b1391ecffefe79bb568895093a5e34f

SHA1
b88ff29524a407519415fb1e124f32c677ec01d0

SHA256
b826d115a6d723c3adcb3a943667ddccca64558232824b92f6be867b7eeb37f6

SHA512
92153f90d9206de136c3bc3a491e4b249c7a1005682fdb7155afece548b0594249b7b0f9bdcad1012042a798c4aa1f02750a1be11bd4ef7ddf8bd14c46541efc

Download Submit
memory/320-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/848-270-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1020-405-0x0000000000670000-0x00000000006E5000-memory.dmp

Filesize
468KB

Download
memory/1032-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1184-249-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1380-322-0x0000000002260000-0x00000000022D5000-memory.dmp

Filesize
468KB

Download
memory/1380-308-0x0000000002260000-0x00000000022D5000-memory.dmp

Filesize
468KB

Download
memory/1380-118-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1384-260-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1560-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1712-310-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/1712-325-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/1712-133-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1752-300-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1776-324-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1784-168-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1876-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1876-383-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/1876-385-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/2020-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2020-245-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/2020-246-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/2160-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2160-34-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2160-323-0x0000000003140000-0x00000000031B5000-memory.dmp

Filesize
468KB

Download
memory/2160-312-0x0000000003140000-0x00000000031B5000-memory.dmp

Filesize
468KB

Download
memory/2160-130-0x0000000003340000-0x00000000033B5000-memory.dmp

Filesize
468KB

Download
memory/2164-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2244-299-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2352-296-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2364-294-0x00000000024D0000-0x0000000002545000-memory.dmp

Filesize
468KB

Download
memory/2364-295-0x00000000024D0000-0x0000000002545000-memory.dmp

Filesize
468KB

Download
memory/2364-151-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2504-269-0x0000000002800000-0x0000000002875000-memory.dmp

Filesize
468KB

Download
memory/2504-259-0x0000000002800000-0x0000000002875000-memory.dmp

Filesize
468KB

Download
memory/2504-169-0x0000000002800000-0x0000000002875000-memory.dmp

Filesize
468KB

Download
memory/2504-404-0x0000000002800000-0x0000000002875000-memory.dmp

Filesize
468KB

Download
memory/2504-12-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2504-153-0x0000000002800000-0x0000000002875000-memory.dmp

Filesize
468KB

Download
memory/2504-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2504-76-0x0000000002800000-0x0000000002875000-memory.dmp

Filesize
468KB

Download
memory/2512-10-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2512-388-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2512-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2512-30-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2512-279-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2512-372-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2512-156-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2512-176-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2512-301-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2520-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2520-362-0x0000000002470000-0x00000000024E5000-memory.dmp

Filesize
468KB

Download
memory/2520-361-0x0000000002470000-0x00000000024E5000-memory.dmp

Filesize
468KB

Download
memory/2564-150-0x0000000001E80000-0x0000000001EF5000-memory.dmp

Filesize
468KB

Download
memory/2564-149-0x0000000001E80000-0x0000000001EF5000-memory.dmp

Filesize
468KB

Download
memory/2564-298-0x0000000001E80000-0x0000000001EF5000-memory.dmp

Filesize
468KB

Download
memory/2564-297-0x0000000001E80000-0x0000000001EF5000-memory.dmp

Filesize
468KB

Download
memory/2564-79-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2660-211-0x0000000002460000-0x00000000024D5000-memory.dmp

Filesize
468KB

Download
memory/2660-210-0x0000000002460000-0x00000000024D5000-memory.dmp

Filesize
468KB

Download
memory/2660-49-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2672-364-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2704-272-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2704-275-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2704-152-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2704-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2704-161-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2760-402-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2760-400-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2760-226-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2760-218-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2760-116-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2800-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2808-78-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2808-236-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2808-237-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2820-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2848-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2860-409-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2912-376-0x0000000002860000-0x00000000028D5000-memory.dmp

Filesize
468KB

Download
memory/2912-215-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3000-363-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/3000-360-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/3000-198-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/3000-202-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/3000-96-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3012-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3012-256-0x0000000001CB0000-0x0000000001D25000-memory.dmp

Filesize
468KB

Download
memory/3012-257-0x0000000001CB0000-0x0000000001D25000-memory.dmp

Filesize
468KB

Download
memory/3044-334-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3044-33-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3044-414-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3044-333-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3044-48-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3044-106-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3060-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download