34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 10:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe
Size

468KB
MD5

f07aeeaf716b5bf106e4348426570120
SHA1

bd1421cc8657e7492265d461acdc92e3e3746ebb
SHA256

34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38
SHA512

cf85e0facb8f40c636b7897a439a28c0343d65399711d4e909bf83a4e8993dc0140486707678aaa11c5a2e7dd4e3303e75eb5be430f35cb3a946535dc074c03a
SSDEEP

3072:2bCgoDcnI05UtbY+Pztjcf8/VCMvCzupb6KHexVsnmfl/mch7ORlQ:2bZoT8Ut5PJjcfp+ESmfpTh7O

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2848	Unicorn-38608.exe
2572	Unicorn-64311.exe
1900	Unicorn-24025.exe
2728	Unicorn-20430.exe
2576	Unicorn-45681.exe
2196	Unicorn-61462.exe
3056	Unicorn-2047.exe
1520	Unicorn-53424.exe
2024	Unicorn-694.exe
2360	Unicorn-24644.exe
2788	Unicorn-53232.exe
2804	Unicorn-53787.exe
2756	Unicorn-8115.exe
468	Unicorn-1985.exe
348	Unicorn-50227.exe
2144	Unicorn-25879.exe
624	Unicorn-59298.exe
408	Unicorn-42215.exe
2012	Unicorn-23693.exe
1500	Unicorn-63787.exe
996	Unicorn-43367.exe
1532	Unicorn-23501.exe
1708	Unicorn-56174.exe
2000	Unicorn-4372.exe
876	Unicorn-39091.exe
604	Unicorn-50581.exe
1732	Unicorn-10502.exe
2356	Unicorn-16432.exe
2332	Unicorn-22563.exe
1928	Unicorn-5961.exe
2752	Unicorn-47534.exe
2484	Unicorn-35282.exe
1468	Unicorn-37372.exe
2716	Unicorn-63360.exe
2860	Unicorn-65406.exe
2916	Unicorn-29012.exe
2588	Unicorn-61130.exe
2568	Unicorn-38472.exe
2404	Unicorn-40.exe
1944	Unicorn-28266.exe
1052	Unicorn-60938.exe
1608	Unicorn-28628.exe
1044	Unicorn-44218.exe
1636	Unicorn-8430.exe
1856	Unicorn-601.exe
2900	Unicorn-61540.exe
792	Unicorn-38327.exe
2456	Unicorn-44457.exe
1524	Unicorn-28121.exe
400	Unicorn-8255.exe
2548	Unicorn-19495.exe
1884	Unicorn-45225.exe
2432	Unicorn-45225.exe
864	Unicorn-33527.exe
2480	Unicorn-3430.exe
1868	Unicorn-24613.exe
1516	Unicorn-48852.exe
612	Unicorn-4192.exe
1268	Unicorn-20719.exe
1440	Unicorn-46185.exe
2476	Unicorn-63076.exe
2984	Unicorn-21489.exe
2352	Unicorn-26127.exe
808	Unicorn-45993.exe

Loads dropped DLL 64 IoCs

pid	Process
2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe
2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe
2848	Unicorn-38608.exe
2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe
2848	Unicorn-38608.exe
2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe
2572	Unicorn-64311.exe
2572	Unicorn-64311.exe
2848	Unicorn-38608.exe
2848	Unicorn-38608.exe
1900	Unicorn-24025.exe
2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe
1900	Unicorn-24025.exe
2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe
2728	Unicorn-20430.exe
2728	Unicorn-20430.exe
2572	Unicorn-64311.exe
2572	Unicorn-64311.exe
2196	Unicorn-61462.exe
2196	Unicorn-61462.exe
2576	Unicorn-45681.exe
1900	Unicorn-24025.exe
2848	Unicorn-38608.exe
3056	Unicorn-2047.exe
3056	Unicorn-2047.exe
2576	Unicorn-45681.exe
2848	Unicorn-38608.exe
1900	Unicorn-24025.exe
2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe
2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe
1520	Unicorn-53424.exe
1520	Unicorn-53424.exe
2728	Unicorn-20430.exe
2728	Unicorn-20430.exe
2360	Unicorn-24644.exe
2360	Unicorn-24644.exe
2196	Unicorn-61462.exe
2196	Unicorn-61462.exe
2788	Unicorn-53232.exe
2788	Unicorn-53232.exe
3056	Unicorn-2047.exe
2756	Unicorn-8115.exe
2756	Unicorn-8115.exe
3056	Unicorn-2047.exe
900	WerFault.exe
900	WerFault.exe
900	WerFault.exe
900	WerFault.exe
900	WerFault.exe
900	WerFault.exe
900	WerFault.exe
900	WerFault.exe
2576	Unicorn-45681.exe
2576	Unicorn-45681.exe
2024	Unicorn-694.exe
2024	Unicorn-694.exe
1900	Unicorn-24025.exe
1900	Unicorn-24025.exe
2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe
2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe
348	Unicorn-50227.exe
348	Unicorn-50227.exe
2572	Unicorn-64311.exe
2572	Unicorn-64311.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
900	2804	WerFault.exe	41
2188	1708	WerFault.exe	53
2816	2568	WerFault.exe	68
880	1944	WerFault.exe	70
1484	2900	WerFault.exe	77
2492	2024	WerFault.exe	38
2320	2908	WerFault.exe	101
2164	2628	WerFault.exe	104
2288	2536	WerFault.exe	117
1452	2828	WerFault.exe	97
2676	2752	WerFault.exe	61
2700	2716	WerFault.exe	64
2872	1636	WerFault.exe	75
1896	612	WerFault.exe	89
3064	1492	WerFault.exe	98
1724	2916	WerFault.exe	66
2192	2364	WerFault.exe	168
3136	2564	WerFault.exe	103
3396	2860	WerFault.exe	65
3416	3056	WerFault.exe	36
3076	2684	WerFault.exe	129
3336	864	WerFault.exe	85
3600	1180	WerFault.exe	122
4060	2632	WerFault.exe	166
4036	492	WerFault.exe	135
4068	1348	WerFault.exe	137
3864	1788	WerFault.exe	139
3972	2300	WerFault.exe	178
3688	1872	WerFault.exe	114
3668	2432	WerFault.exe	84
3724	2308	WerFault.exe	115
3732	2984	WerFault.exe	93
3876	2972	WerFault.exe	145
4416	2316	WerFault.exe	119
4436	1884	WerFault.exe	83
4476	912	WerFault.exe	112
4468	2620	WerFault.exe	102
4460	1616	WerFault.exe	120
4452	2356	WerFault.exe	58
4444	792	WerFault.exe	78
4488	1516	WerFault.exe	88
4536	1620	WerFault.exe	156
5116	2776	WerFault.exe	110
4100	2480	WerFault.exe	86
4412	2132	WerFault.exe	132
4744	1760	WerFault.exe	123
4964	2784	WerFault.exe	131
4148	2840	WerFault.exe	126
4152	2924	WerFault.exe	128
4132	2464	WerFault.exe	130
4136	1308	WerFault.exe	180
4172	1732	WerFault.exe	57
4504	1792	WerFault.exe	136
4384	1684	WerFault.exe	138
5048	2604	WerFault.exe	106
4916	1440	WerFault.exe	91
5148	1052	WerFault.exe	71
5248	1676	WerFault.exe	143
5268	2328	WerFault.exe	140
5412	2332	WerFault.exe	59
5436	1868	WerFault.exe	87
5452	2936	WerFault.exe	146
5492	2548	WerFault.exe	82
5556	2560	WerFault.exe	147

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12779.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46270.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61141.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15386.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25699.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55669.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33706.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe
2848	Unicorn-38608.exe
2572	Unicorn-64311.exe
1900	Unicorn-24025.exe
2728	Unicorn-20430.exe
3056	Unicorn-2047.exe
2196	Unicorn-61462.exe
2576	Unicorn-45681.exe
1520	Unicorn-53424.exe
2360	Unicorn-24644.exe
2024	Unicorn-694.exe
2804	Unicorn-53787.exe
2788	Unicorn-53232.exe
2756	Unicorn-8115.exe
468	Unicorn-1985.exe
348	Unicorn-50227.exe
2144	Unicorn-25879.exe
624	Unicorn-59298.exe
408	Unicorn-42215.exe
2012	Unicorn-23693.exe
1500	Unicorn-63787.exe
996	Unicorn-43367.exe
1532	Unicorn-23501.exe
2000	Unicorn-4372.exe
876	Unicorn-39091.exe
1708	Unicorn-56174.exe
604	Unicorn-50581.exe
2356	Unicorn-16432.exe
1732	Unicorn-10502.exe
2332	Unicorn-22563.exe
1928	Unicorn-5961.exe
2752	Unicorn-47534.exe
2484	Unicorn-35282.exe
1468	Unicorn-37372.exe
2716	Unicorn-63360.exe
2860	Unicorn-65406.exe
2916	Unicorn-29012.exe
2588	Unicorn-61130.exe
2568	Unicorn-38472.exe
2404	Unicorn-40.exe
1944	Unicorn-28266.exe
1052	Unicorn-60938.exe
1608	Unicorn-28628.exe
1044	Unicorn-44218.exe
1636	Unicorn-8430.exe
1856	Unicorn-601.exe
2456	Unicorn-44457.exe
2900	Unicorn-61540.exe
792	Unicorn-38327.exe
1524	Unicorn-28121.exe
400	Unicorn-8255.exe
2548	Unicorn-19495.exe
2432	Unicorn-45225.exe
1884	Unicorn-45225.exe
864	Unicorn-33527.exe
1868	Unicorn-24613.exe
1440	Unicorn-46185.exe
2480	Unicorn-3430.exe
612	Unicorn-4192.exe
1516	Unicorn-48852.exe
1268	Unicorn-20719.exe
2476	Unicorn-63076.exe
2984	Unicorn-21489.exe
2352	Unicorn-26127.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2848	2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	30
PID 2692 wrote to memory of 2848	2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	30
PID 2692 wrote to memory of 2848	2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	30
PID 2692 wrote to memory of 2848	2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	30
PID 2848 wrote to memory of 2572	2848	Unicorn-38608.exe	31
PID 2848 wrote to memory of 2572	2848	Unicorn-38608.exe	31
PID 2848 wrote to memory of 2572	2848	Unicorn-38608.exe	31
PID 2848 wrote to memory of 2572	2848	Unicorn-38608.exe	31
PID 2692 wrote to memory of 1900	2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	32
PID 2692 wrote to memory of 1900	2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	32
PID 2692 wrote to memory of 1900	2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	32
PID 2692 wrote to memory of 1900	2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	32
PID 2572 wrote to memory of 2728	2572	Unicorn-64311.exe	33
PID 2572 wrote to memory of 2728	2572	Unicorn-64311.exe	33
PID 2572 wrote to memory of 2728	2572	Unicorn-64311.exe	33
PID 2572 wrote to memory of 2728	2572	Unicorn-64311.exe	33
PID 2848 wrote to memory of 2576	2848	Unicorn-38608.exe	34
PID 2848 wrote to memory of 2576	2848	Unicorn-38608.exe	34
PID 2848 wrote to memory of 2576	2848	Unicorn-38608.exe	34
PID 2848 wrote to memory of 2576	2848	Unicorn-38608.exe	34
PID 1900 wrote to memory of 2196	1900	Unicorn-24025.exe	35
PID 1900 wrote to memory of 2196	1900	Unicorn-24025.exe	35
PID 1900 wrote to memory of 2196	1900	Unicorn-24025.exe	35
PID 1900 wrote to memory of 2196	1900	Unicorn-24025.exe	35
PID 2692 wrote to memory of 3056	2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	36
PID 2692 wrote to memory of 3056	2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	36
PID 2692 wrote to memory of 3056	2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	36
PID 2692 wrote to memory of 3056	2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	36
PID 2728 wrote to memory of 1520	2728	Unicorn-20430.exe	37
PID 2728 wrote to memory of 1520	2728	Unicorn-20430.exe	37
PID 2728 wrote to memory of 1520	2728	Unicorn-20430.exe	37
PID 2728 wrote to memory of 1520	2728	Unicorn-20430.exe	37
PID 2572 wrote to memory of 2024	2572	Unicorn-64311.exe	38
PID 2572 wrote to memory of 2024	2572	Unicorn-64311.exe	38
PID 2572 wrote to memory of 2024	2572	Unicorn-64311.exe	38
PID 2572 wrote to memory of 2024	2572	Unicorn-64311.exe	38
PID 2196 wrote to memory of 2360	2196	Unicorn-61462.exe	39
PID 2196 wrote to memory of 2360	2196	Unicorn-61462.exe	39
PID 2196 wrote to memory of 2360	2196	Unicorn-61462.exe	39
PID 2196 wrote to memory of 2360	2196	Unicorn-61462.exe	39
PID 3056 wrote to memory of 2788	3056	Unicorn-2047.exe	43
PID 3056 wrote to memory of 2788	3056	Unicorn-2047.exe	43
PID 3056 wrote to memory of 2788	3056	Unicorn-2047.exe	43
PID 3056 wrote to memory of 2788	3056	Unicorn-2047.exe	43
PID 2576 wrote to memory of 2756	2576	Unicorn-45681.exe	40
PID 2576 wrote to memory of 2756	2576	Unicorn-45681.exe	40
PID 2576 wrote to memory of 2756	2576	Unicorn-45681.exe	40
PID 2576 wrote to memory of 2756	2576	Unicorn-45681.exe	40
PID 2848 wrote to memory of 468	2848	Unicorn-38608.exe	42
PID 2848 wrote to memory of 468	2848	Unicorn-38608.exe	42
PID 2848 wrote to memory of 468	2848	Unicorn-38608.exe	42
PID 2848 wrote to memory of 468	2848	Unicorn-38608.exe	42
PID 1900 wrote to memory of 2804	1900	Unicorn-24025.exe	41
PID 1900 wrote to memory of 2804	1900	Unicorn-24025.exe	41
PID 1900 wrote to memory of 2804	1900	Unicorn-24025.exe	41
PID 1900 wrote to memory of 2804	1900	Unicorn-24025.exe	41
PID 2692 wrote to memory of 348	2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	44
PID 2692 wrote to memory of 348	2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	44
PID 2692 wrote to memory of 348	2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	44
PID 2692 wrote to memory of 348	2692	34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe	44
PID 1520 wrote to memory of 2144	1520	Unicorn-53424.exe	45
PID 1520 wrote to memory of 2144	1520	Unicorn-53424.exe	45
PID 1520 wrote to memory of 2144	1520	Unicorn-53424.exe	45
PID 1520 wrote to memory of 2144	1520	Unicorn-53424.exe	45

C:\Users\Admin\AppData\Local\Temp\34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe
"C:\Users\Admin\AppData\Local\Temp\34a6f450d9937a4349cd2bbcb1d02d4ecf2ecb4bbd3a1c82475c1202ce78ef38N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38608.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38608.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53424.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25879.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47534.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31297.exe
        9⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
        10⤵
        Program crash
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        9⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 220
        9⤵
        Program crash
        
        PID:4916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 248
        8⤵
        Program crash
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63076.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54104.exe
        8⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22465.exe
        9⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 228
        9⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
        8⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 244
        8⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58965.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        8⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3822.exe
        8⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64008.exe
        8⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52048.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33492.exe
        7⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 244
        7⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37372.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62329.exe
        7⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 244
        8⤵
        Program crash
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11431.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
        8⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 228
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
        7⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52017.exe
        7⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
        7⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        7⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26466.exe
        7⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54938.exe
        6⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
        7⤵
        Program crash
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44628.exe
        6⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 228
        7⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20000.exe
        6⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30468.exe
        6⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        6⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38847.exe
        6⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63790.exe
        6⤵
        
        PID:9724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
        8⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 224
        9⤵
        Program crash
        
        PID:3972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 248
        8⤵
        Program crash
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25795.exe
        7⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38474.exe
        8⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        9⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 228
        8⤵
        Program crash
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
        7⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
        8⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
        7⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 244
        7⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26127.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44208.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14343.exe
        8⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        8⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 220
        8⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
        7⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8579.exe
        7⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56079.exe
        7⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22899.exe
        7⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12550.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20918.exe
        7⤵
        
        PID:9824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51181.exe
        6⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48142.exe
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41081.exe
        7⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42062.exe
        7⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4336.exe
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
        7⤵
        
        PID:9064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
        6⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
        6⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14371.exe
        6⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
        6⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        6⤵
        
        PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43933.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27587.exe
        8⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52405.exe
        8⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 244
        8⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
        7⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-603.exe
        7⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 248
        7⤵
        
        PID:7136
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 248
        6⤵
        Program crash
        
        PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
        5⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe
        6⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13201.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
        8⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36723.exe
        8⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55199.exe
        7⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 244
        7⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46429.exe
        6⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8685.exe
        7⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24087.exe
        7⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 228
        6⤵
        
        PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        5⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43660.exe
        6⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25325.exe
        6⤵
        
        PID:6576
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 228
        6⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4424
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 244
        5⤵
        
        PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36232.exe
        7⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
        8⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 228
        8⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 228
        7⤵
        Program crash
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54275.exe
        6⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15386.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        7⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27268.exe
        6⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14444.exe
        6⤵
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47414.exe
        6⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6364.exe
        6⤵
        
        PID:8044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
        6⤵
        
        PID:8456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exe
        6⤵
        
        PID:9788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33527.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30015.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
        7⤵
        Program crash
        
        PID:4744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 236
        6⤵
        Program crash
        
        PID:3336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
        5⤵
        Program crash
        
        PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16432.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49081.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 244
        7⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23050.exe
        6⤵
        
        PID:3640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
        6⤵
        Program crash
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24451.exe
        5⤵
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44582.exe
        6⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43853.exe
        6⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21433.exe
        6⤵
        
        PID:6368
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 216
        6⤵
        
        PID:7884
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 244
        5⤵
        Program crash
        
        PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48852.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        5⤵
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33674.exe
        6⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        6⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        6⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18601.exe
        6⤵
        
        PID:8160
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 244
        6⤵
        
        PID:8748
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 228
        5⤵
        Program crash
        
        PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65210.exe
      4⤵
      PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        5⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        5⤵
        
        PID:7940
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        5⤵
        
        PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
      4⤵
      PID:4680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
      4⤵
      PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26413.exe
      4⤵
      PID:6672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62101.exe
      4⤵
      PID:7856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6950.exe
      4⤵
      PID:8364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
      4⤵
      PID:9740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8115.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43367.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        7⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42449.exe
        9⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 224
        10⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11582.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        9⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 228
        9⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38727.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 244
        8⤵
        Program crash
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51566.exe
        7⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5500.exe
        8⤵
        
        PID:3180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 216
        8⤵
        Program crash
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16858.exe
        7⤵
        
        PID:3696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 248
        7⤵
        Program crash
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1322.exe
        6⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        8⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12779.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47716.exe
        7⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 224
        7⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15623.exe
        6⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        7⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56931.exe
        7⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39112.exe
        6⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19370.exe
        6⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10069.exe
        6⤵
        
        PID:7792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 244
        6⤵
        
        PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45308.exe
        6⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34182.exe
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39133.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19833.exe
        8⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
        8⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 224
        8⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2739.exe
        7⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20033.exe
        7⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
        7⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44672.exe
        7⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47997.exe
        7⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48297.exe
        6⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42916.exe
        7⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
        7⤵
        Program crash
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
        6⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3144.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 244
        6⤵
        
        PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
        5⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        6⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
        7⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 228
        7⤵
        
        PID:6500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 228
        6⤵
        Program crash
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40435.exe
        5⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
        6⤵
        
        PID:4820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 228
        6⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45740.exe
        5⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27126.exe
        5⤵
        
        PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31437.exe
        5⤵
        
        PID:7528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        5⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36704.exe
        5⤵
        
        PID:8308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1708
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
        5⤵
        Program crash
        
        PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38327.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21956.exe
        5⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36149.exe
        6⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11909.exe
        7⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        7⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50214.exe
        7⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31565.exe
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29085.exe
        7⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
        7⤵
        
        PID:9772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 248
        6⤵
        Program crash
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24534.exe
        5⤵
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26549.exe
        6⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        6⤵
        
        PID:6284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29404.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3739.exe
        6⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2329.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7716
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 244
        5⤵
        Program crash
        
        PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50170.exe
      4⤵
      PID:1180
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 220
        5⤵
        Program crash
        
        PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45880.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65322.exe
        5⤵
        
        PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36531.exe
        5⤵
        
        PID:8780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
      4⤵
      PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5604.exe
      4⤵
      PID:7812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
      4⤵
      PID:7840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
      4⤵
      PID:8944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1985.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22563.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44457.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57752.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
        7⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
        8⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 228
        8⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 228
        7⤵
        Program crash
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59127.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26962.exe
        7⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 228
        7⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48540.exe
        6⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
        6⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        6⤵
        
        PID:7604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        6⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
        6⤵
        
        PID:8716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58307.exe
        5⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        6⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 224
        7⤵
        Program crash
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
        6⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10600.exe
        6⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
        6⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18841.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7872
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        6⤵
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
        5⤵
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51385.exe
        6⤵
        
        PID:3996
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 248
        6⤵
        Program crash
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42651.exe
        5⤵
        
        PID:3828
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
        5⤵
        Program crash
        
        PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8255.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
        5⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
        6⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
        7⤵
        
        PID:9012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 228
        6⤵
        Program crash
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3424.exe
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        5⤵
        
        PID:4840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 236
        5⤵
        
        PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61601.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54810.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        6⤵
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9453.exe
        6⤵
        
        PID:9796
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        5⤵
        Program crash
        
        PID:4964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13512.exe
      4⤵
      PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
        5⤵
        
        PID:8712
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        5⤵
        
        PID:9764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13581.exe
      4⤵
      PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2835.exe
      4⤵
      PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
      4⤵
      PID:7804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
      4⤵
      PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
      4⤵
      PID:8736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64078.exe
        5⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56237.exe
        6⤵
        
        PID:3480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 228
        6⤵
        Program crash
        
        PID:5556
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 248
        5⤵
        Program crash
        
        PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
      4⤵
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52620.exe
        5⤵
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21068.exe
        5⤵
        
        PID:6128
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 224
        5⤵
        
        PID:6876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37554.exe
      4⤵
      PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
      4⤵
      PID:5820
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 244
      4⤵
      PID:6860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61120.exe
      4⤵
      PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36478.exe
        5⤵
        
        PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37751.exe
        5⤵
        
        PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20388.exe
        5⤵
        
        PID:9732
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 228
      4⤵
      Program crash
      PID:4100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35737.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35737.exe
    3⤵
    PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52836.exe
      4⤵
      PID:7276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9032.exe
      4⤵
      PID:8152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-858.exe
      4⤵
      PID:8928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
      4⤵
      PID:9804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46270.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
    3⤵
    PID:6068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4571.exe
    3⤵
    PID:7596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57230.exe
    3⤵
    PID:8048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe
    3⤵
    PID:8728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24025.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24025.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24644.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65406.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60876.exe
        7⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
        8⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 216
        8⤵
        Program crash
        
        PID:3136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
        7⤵
        Program crash
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
        6⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 244
        7⤵
        Program crash
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
        6⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52236.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62402.exe
        7⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 244
        7⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18914.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7800.exe
        6⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        6⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
        6⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40207.exe
        6⤵
        
        PID:8892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 408 -s 244
        6⤵
        
        PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33248.exe
        6⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28557.exe
        7⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 188
        8⤵
        Program crash
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
        7⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 220
        7⤵
        
        PID:5608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 248
        6⤵
        Program crash
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
        5⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37768.exe
        6⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        7⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32726.exe
        7⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33706.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63040.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 248
        6⤵
        Program crash
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32158.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47045.exe
        6⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64538.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
        6⤵
        
        PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
        5⤵
        
        PID:4632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 248
        5⤵
        
        PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        6⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28365.exe
        7⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
        8⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        8⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2976.exe
        8⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 224
        8⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
        7⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49804.exe
        7⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        7⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
        7⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 248
        7⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61400.exe
        6⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        7⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23432.exe
        7⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
        7⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23397.exe
        7⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 224
        7⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
        6⤵
        
        PID:4396
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        6⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41010.exe
        5⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40316.exe
        6⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1852.exe
        7⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 228
        7⤵
        
        PID:6300
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 248
        6⤵
        Program crash
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52250.exe
        5⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31240.exe
        6⤵
        
        PID:3952
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 228
        6⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27659.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        5⤵
        
        PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
        5⤵
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        5⤵
        
        PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40207.exe
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21131.exe
        5⤵
        
        PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38472.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2568
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 244
        5⤵
        Program crash
        
        PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32023.exe
      4⤵
      PID:2908
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 244
        5⤵
        Program crash
        
        PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
      4⤵
      PID:2972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 244
        5⤵
        Program crash
        
        PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17450.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8330.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31016.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12926.exe
      4⤵
      PID:7628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39072.exe
      4⤵
      PID:8816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53787.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2804
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 244
      4⤵
      Loads dropped DLL
      Program crash
      PID:900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28121.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
        5⤵
        
        PID:2684
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
        6⤵
        Program crash
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
        5⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        6⤵
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48784.exe
        6⤵
        
        PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27901.exe
        5⤵
        
        PID:4624
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 228
        5⤵
        
        PID:6484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43782.exe
      4⤵
      PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
        5⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        6⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20003.exe
        6⤵
        
        PID:9296
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 216
        5⤵
        Program crash
        
        PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4139.exe
      4⤵
      PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10392.exe
        5⤵
        
        PID:8428
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 248
        5⤵
        
        PID:9068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
      4⤵
      PID:4600
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 244
      4⤵
      PID:6380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19495.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19495.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49392.exe
      4⤵
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9485.exe
        5⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51385.exe
        6⤵
        
        PID:4012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 216
        6⤵
        Program crash
        
        PID:5248
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 228
        5⤵
        Program crash
        
        PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
      4⤵
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31240.exe
        5⤵
        
        PID:3920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 248
        5⤵
        
        PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45914.exe
      4⤵
      PID:4020
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
      4⤵
      Program crash
      PID:5492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
    3⤵
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
        5⤵
        
        PID:8072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        5⤵
        
        PID:8764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
        5⤵
        
        PID:9008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30227.exe
      4⤵
      PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46462.exe
      4⤵
      PID:5500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
      4⤵
      PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
      4⤵
      PID:7544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46504.exe
      4⤵
      PID:8448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15893.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15893.exe
    3⤵
    PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40958.exe
      4⤵
      PID:7684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12395.exe
      4⤵
      PID:9180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59181.exe
    3⤵
    PID:4768
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 236
    3⤵
    PID:5968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
        6⤵
        Program crash
        
        PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
        5⤵
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56486.exe
        6⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30965.exe
        7⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        7⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25076.exe
        7⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23423.exe
        7⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        7⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
        7⤵
        
        PID:8832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 248
        6⤵
        Program crash
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25467.exe
        5⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25536.exe
        6⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62985.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        6⤵
        
        PID:7968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 220
        6⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23959.exe
        5⤵
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
        5⤵
        
        PID:5980
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 248
        5⤵
        
        PID:6816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        5⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
        6⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34882.exe
        8⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51847.exe
        7⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
        7⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
        7⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 244
        7⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15676.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        6⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
        6⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34772.exe
        6⤵
        
        PID:7896
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 248
        6⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
        5⤵
        
        PID:492
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 492 -s 220
        6⤵
        Program crash
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31183.exe
        5⤵
        
        PID:4248
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 244
        5⤵
        
        PID:6372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
      4⤵
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        5⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3995.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
        6⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
        6⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        6⤵
        
        PID:7664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 220
        6⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3206.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39272.exe
        5⤵
        
        PID:5812
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 248
        5⤵
        
        PID:6736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27441.exe
      4⤵
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18713.exe
        5⤵
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3305.exe
        5⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54651.exe
        5⤵
        
        PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32530.exe
        5⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60611.exe
        5⤵
        
        PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
        5⤵
        
        PID:8292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47307.exe
      4⤵
      PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56802.exe
      4⤵
      PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52547.exe
      4⤵
      PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
      4⤵
      PID:7548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34872.exe
      4⤵
      PID:8952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44218.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe
        5⤵
        
        PID:1348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 224
        6⤵
        Program crash
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29484.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36889.exe
        5⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
        5⤵
        
        PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44075.exe
        5⤵
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
        5⤵
        
        PID:8772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38929.exe
      4⤵
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        5⤵
        
        PID:3220
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
        5⤵
        Program crash
        
        PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12774.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
      4⤵
      PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
      4⤵
      PID:6592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
      4⤵
      PID:8004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46865.exe
      4⤵
      PID:9000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
      4⤵
      PID:2536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 224
        5⤵
        Program crash
        
        PID:2288
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 248
      4⤵
      Program crash
      PID:2872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21690.exe
    3⤵
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
      4⤵
      PID:700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
        5⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15749.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4348
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 244
        5⤵
        
        PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19267.exe
      4⤵
      PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33568.exe
      4⤵
      PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
      4⤵
      PID:6600
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 220
      4⤵
      PID:7996
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 244
    3⤵
    - Program crash
    PID:3416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50227.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50227.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10502.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-601.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41883.exe
        5⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34774.exe
        6⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27076.exe
        7⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
        6⤵
        
        PID:4812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 224
        6⤵
        
        PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51473.exe
        5⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35785.exe
        6⤵
        
        PID:9372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57606.exe
        5⤵
        
        PID:4872
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 248
        5⤵
        
        PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
      4⤵
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
        5⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        6⤵
        
        PID:8664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 228
        6⤵
        
        PID:4576
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 228
        5⤵
        Program crash
        
        PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
      4⤵
      PID:3836
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 228
      4⤵
      Program crash
      PID:4172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2900
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 220
      4⤵
      Program crash
      PID:1484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
    3⤵
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
      4⤵
      PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
        5⤵
        
        PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        5⤵
        
        PID:9836
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 228
      4⤵
      Program crash
      PID:4148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
    3⤵
    PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22770.exe
      4⤵
      PID:8988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4628
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 248
    3⤵
    PID:6448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50581.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50581.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:612
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 240
      4⤵
      Program crash
      PID:1896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
    3⤵
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4524
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 228
      4⤵
      PID:5648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
    3⤵
    PID:4388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55669.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
    3⤵
    PID:7084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
    3⤵
    PID:7728
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 244
    3⤵
    PID:8684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
    3⤵
    PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8079.exe
      4⤵
      PID:3672
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 248
      4⤵
      PID:5944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
    3⤵
    PID:3584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60682.exe
    3⤵
    PID:6676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39262.exe
    3⤵
    PID:7616
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 236
    3⤵
    PID:8908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50717.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50717.exe
  2⤵
  PID:1620
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 224
    3⤵
    - Program crash
    PID:4536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59637.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59637.exe
  2⤵
  PID:3532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
  2⤵
  PID:6084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29881.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29881.exe
  2⤵
  PID:6724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
  2⤵
  PID:7656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58673.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58673.exe
  2⤵
  PID:8844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60332.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60332.exe
  2⤵
  PID:9028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1852.exe

Filesize
468KB

MD5
c2c6506865f6d2ef9cc1146b19c6a7f7

SHA1
9b54eb8cfa0db58a64ec366bf90079955e485700

SHA256
a133fd2f6528b2cd8583add5e3ffb309e3c83317a9846165cbc288a5e4014a3c

SHA512
7db87426d1733afa207d9b0f798daeb0cf9054677d29f24dce1615d51cb1eef640ad832a744c5e17568a0943a79105de5b85583846b0ee244d0c7d70141f786b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24025.exe

Filesize
468KB

MD5
298baf3f5a6ff8c6ae55efd1d49b9fd4

SHA1
13b696a51b83aaadf39b711d30ca0e1fabd3ab65

SHA256
b403ba40245487cd6f2ad93a34b8d1a337d47b3e8c37684f69ef8502a2e4b331

SHA512
617b0dea6ec376a3d309708fa58dc8db6517256d9da1ea62990d3e394f24c5bc7a44c5467bda0da1be7e3fbfa437118370d4b5d6c028617ae045e99414b94c53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24644.exe

Filesize
468KB

MD5
d6baaa6e356a562d7c7980b1a75591c6

SHA1
dd0d37ca8b68083378d9cc65f4060223d20d0714

SHA256
c4d57bcd851fcdeadd20610b040e5a7eef39e303da088e74d0d8ba7c8c3746e4

SHA512
816eb817cd75b18085b6eb54a1bb9c5b856dd809b87d96178d7879dbc7560180e5dabb8f2262e4e0c98f4879e0c4fa8445abd953372161948e0c83d37ba77e5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe

Filesize
468KB

MD5
de50903058711fd90c142875ac67048d

SHA1
0913e6f03f7a03cbf8c12d59932f15d94be3f0cb

SHA256
56f83b1436c8864bd794b812fef498cad9f5aead9024ba986142928e7888759e

SHA512
3a19080af264226c4f292aecf8bec83bb1b9b8296b5d6c033bb069e3aa24335ff8389f85d6c336dac0e62baa0d116cd57d8caafecb44a3f90300b45fb32ebec0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53424.exe

Filesize
468KB

MD5
cd8082367b35bf4775fb28cfedd4281b

SHA1
bef6af387bea99ffa22614931efe6015bdedc777

SHA256
7ae60e39c8cbd022f80f03ee72be750b87c5ed3de26f69d0b8727bb5b48c9026

SHA512
88306be8fc904d07b6b65092cf1205ad9d5320c498c03ad8db6bed0f9b54c8652fb5a189188b43daede9733123cec50ed9250266b79406c72945d8653875d93c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53787.exe

Filesize
468KB

MD5
a70932d4e6d21e369da23de7e6ae1752

SHA1
14eb398cc629878a392a7ef2cc2152c3cd071248

SHA256
0a158d17d74454395d2a8a8af499fb90bea477a54bd78454b1550cde61a747fc

SHA512
a04ff9f99f04e72e8c9c4a665e5f45e90c8366bdf4458a4a87258fcdb54593731ffd1ea266f8aae54752ba2cfd0e9f3e43d6d704c93de6fe4b8aca3792084236

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe

Filesize
468KB

MD5
42519d216f96ed81122f3a7ed48cf505

SHA1
5ef309a11f5b6644e27dd08f7a5217666f279c0c

SHA256
d27447f95eeab8b062e4201c79b0501def7d443b4046890ad741ddc1ea5d0a47

SHA512
412be062088393c046914de58172d91b16ec1efc79d637fa31918492d64172769888d61052c3424e2f0065eadffb7cfb5491bc52b5c241130f92b33ed000f581

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56174.exe

Filesize
468KB

MD5
07442519055f619957680c04b724d6c6

SHA1
87a8b2b0eca16caa60617d912521dddd63dbfdbc

SHA256
a0aabed9c0c707b9b4442da51bf6602b5f0001122c7c55b16bfe5f28274c286c

SHA512
52e6cf624e13b95008020eaf6de03d8f2cd80c2c7ac33436d27d63c5570acfb5cca9cbe63cc0863fd6ea12541e7d844d259cc7ba695a41332b5715e8ad270673

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe

Filesize
468KB

MD5
d39c4667a75d0feb8339d7b9e8333231

SHA1
df402da8ee318149c143d4bee12c32b309bcd784

SHA256
fe4f0c24a4490b0c40efaa37a431d8cefbadd7454915283e9872e717582cfa04

SHA512
1fd14cdaa6a293b79069f98776dbf7b5a6be6ec5ace199631fa91c3bcbe49d053a3f0b60b979045b2f6a3e19b5af4de031efb9a07bb06f89c8ff490cafa90501

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe

Filesize
468KB

MD5
37b0b639062241fbdefb59826add6354

SHA1
52dc842211d16e5654c412235c75d82b61ceff13

SHA256
eabe2f23134a257604facd9d7b5607d378cb998823348b4af798f034b17111b6

SHA512
b325c9cc0ae320b3dfc2da3a4b2d6908f72f3df00e5aa2252d65e793f5c41dc2152ec92a0232d73e493905855d55d7887a8ad585cfbac30d3b3508c673d78c88

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1985.exe

Filesize
468KB

MD5
f06949c0d8355d1fe0cc8a148eb8f99c

SHA1
4ce06091bda1ab281d8b15d5e7c8e0a64d43c089

SHA256
47065420c7af7c8b2ab4be295fd6d57e8ba0ffe444ba044220571c3e527ea235

SHA512
aeff61a5affec621d305620579b56151a80144d170926c2438df27b008eaf23a989c2676d95c136c7cb5473cf1e48df8c7dba3e16dc17c09a357872b016d3064

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe

Filesize
468KB

MD5
36c7738e7b1084aea68c01ccbe1a72f6

SHA1
fa1118ba6b9f7abf470b241f9d1a6b63a344dc9b

SHA256
bc52f563b5b1d72717f3a973b23113aa4ad8a8ebe1031ad0bf5f1e1a2a5e7900

SHA512
625b85b138ee80101798b872b7251921cabe52b9fcc288d3d564d11f7dbfb8258b8319054a29d2c541182cfe2e9db0caffc476032f03944c5fa6158fa47d4de3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe

Filesize
468KB

MD5
3991ca7a801767ae28d8fe3ee3a76c55

SHA1
d7b181aae0a47c3fc76b80f484be56ca606c7c79

SHA256
2f017cac2097e1abe39bbbfab0178cfdac0f601a13c88ea3496e95b2573217f8

SHA512
ae1ae26ddc83a64642bf04ba92895cdd67a5795798b9a36531af1c7a8b9f4586771aac97b88c8cb5ccea0e715e59f4c60bc12f27a716bfa559a47aa08ffaa1a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23693.exe

Filesize
468KB

MD5
0a2d7256f904949594f7e136db2278de

SHA1
8130e5578c28cb251240916b9d2809060a65c457

SHA256
3f3315689d2d234e4f3f6b3d615d0e0e1ae13c580054d6d642532fd812a90132

SHA512
70cefdfd7a77bc65d1c34caba31234c8a20771cd78734cabfcf5b9ce21466a63220eae6a27087ef4a9d554f496ab70656a732693f63306d4af2a51fae578ddbe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25879.exe

Filesize
468KB

MD5
a38894115f5e29db2f4e4a206dea87f6

SHA1
9e9be5b2ce1dba534689e812972b8267ae91026d

SHA256
0c3b63ee663f56656d0d1d8d24e493ff532f50cba14a1bf9f0505c73962f43cc

SHA512
46caf28c580d157db6ee0b7f42a662a3b23778a0b3ea5e9c675b62cb675fb61abccde30f18a840bf1c6eed997119d8d5d56ea9ed608e12c48fe59bdb197822d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38608.exe

Filesize
468KB

MD5
8a1d3ce2ec0568553e7b6bbcc8fedf92

SHA1
bede2eddfd5a5bf7dc09d98d736f9635eaf40754

SHA256
1416e8f729d06fb9dc862986601409907dc575de3311b3d6870d76d7c56795f9

SHA512
341bda520bb9dd336dabdf269d27bcf7e16018ae8acd8055d361c82f00d1355edbf6aefc80213340235de896d63b04b1ef54189f86fbd423d24adffef815a0c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42215.exe

Filesize
468KB

MD5
6112dd032e4b2595eb69a729bc0e09d2

SHA1
b61edd67fe532d095a5ec8230084a6a3892cf45f

SHA256
3e943fa5c6c5c350b96c801f33ece9c4cc66b2ad55b612034a2b7184bf467317

SHA512
7d9dcf86b37bd8524876df650d1bd9d6114de60b546a54bf3c9349bd442a5c4e257282768f639a2644cb0a51ba0b8841fc020d1e3d77ade6420dbc4a4bae31b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45681.exe

Filesize
468KB

MD5
a365ce54c30a1dd780bf9e2e5c117601

SHA1
974dfe3d3476fb37ce4e3869ee3fdce46e757693

SHA256
ef82b058ec9c98b2da73170315668cfbbc31191956e5a5a9a0eec969211aac2f

SHA512
5592ae652b093320d7e02f0b5f0454652539248773f29468e84d50da10b3165a744dbacb6fcd06356f4572396fb0f4ef82057d0ed3bf280880ec8708180e6886

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50227.exe

Filesize
468KB

MD5
4ce051b80842212c3e2cfdfe5f309c82

SHA1
c31e0cba19df3adade9bde7cbf118fbbad98de36

SHA256
c81834d3535be09b49cd9de779bcfe4b8ddb4e6d64fd182d3d92afa66645d618

SHA512
05dbe63b510bac49bd6113d9bf998672f74f2d034b219bf6d74d7fc83e8697e780fc23e3a772101a3bdbcc14c874e0fd9179330c1e75746e345bb020325f72ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe

Filesize
468KB

MD5
a3ae29b111666f6e3f4952b6e3d76353

SHA1
d60687fdaaf9c00c06a7c5fbadd0bc7ef1e96835

SHA256
f287d072f49fcd275e824cc11056f34016f7040ae6e2f85f7d9473639249eaff

SHA512
b8a0484853d1e0181b0df3f4703e762343e6f00310ad52a086c11835b9eb422e0c0f0e4a1ed5b27998cbd22d589ef383d6e46a8fdb4bf787414518c19a22935d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe

Filesize
468KB

MD5
3012ae387a2f0eefb95c7dabb34ef0d6

SHA1
57f0cebbf954d8724809ab503465a060a09f2519

SHA256
72161ea1e79ed1133bc3330c869e49cfb4b04631e6f6139d23441040cebf8965

SHA512
305531c83ff3269358d85dd66b9402cfe5e93943b63230301ae753157ac861ff30128c037e1060b8b0f46c5b9b169ff80caca2f9755a2812d88e3377d3fde536

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe

Filesize
468KB

MD5
0ab7dfe268bd9aafae183cd44af1cf48

SHA1
50f7b311020a50fefe9065e40f68472a3b4193b1

SHA256
ab1c02eab2b51c997e141bd871985f73340156ff37bd4112d19a7944056e314a

SHA512
9b95878a4704dad9e59663a27cc1a5aa3a069ff703e30cfb7d9d077f585a5e58ac8a508c72d5d2a1811cdbc7eb18a2fe4ade6093620c962d86a77eac2939225d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-694.exe

Filesize
468KB

MD5
5b01e174cabdff9a89b0b61cf30021a0

SHA1
e8fb0827921f1f71b554d198707314666d647b7b

SHA256
7e72059c1d45f614509d86b132de5558abf9dc08e284c591888346acca61cde6

SHA512
ca8fcdb007151a46b98f16bbb200f0b231cafaa16d9b9822134f1f51d1b0d668595887a746316ee74d45f800125b672254961c173572e1fd4baef4d3967b46fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8115.exe

Filesize
468KB

MD5
abaa86a76d0a10e32ebce8efd8bed351

SHA1
be0df7cbc6d399504443d18e9dcef607488b6eee

SHA256
4b1ed0d71354f012b1f1ca95c74c2daa8265cfcb034a82bcf041ceb11802f889

SHA512
71c08c5156678aa3804401fa10e25eb52e0cf8d5bb88191e2a1315cf4643b14d9fd36345f158d21e34960afd1474659b8178ce512fccbfe4e6936c6f1c1dde97

Download Submit