6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-09-2024 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe
Size

468KB
MD5

b0f10d82b5d142b5439da06f70130780
SHA1

badc87eee382da6a5a00531db5b5f2912ee8a806
SHA256

6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23
SHA512

d2ab37ec429af21a213823fcb8ad5d82c0483e9964363102998f73d36c8303f3c069a9197c92fed8a77c836aefe03dd1d33ac6e20d4b4c76e570dc80ce5c00ec
SSDEEP

3072:1G3HogISIE5TtbY2HzcOcf8/yfctP0pkJVHeTVPyCN5LR7gElflL:1G3obMTtxH4OcfKY10CNVVgEl

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2784	Unicorn-62018.exe
2444	Unicorn-24913.exe
2700	Unicorn-32527.exe
2584	Unicorn-55744.exe
2688	Unicorn-47576.exe
3044	Unicorn-49614.exe
696	Unicorn-44047.exe
984	Unicorn-19118.exe
2160	Unicorn-60897.exe
2176	Unicorn-40882.exe
1748	Unicorn-33268.exe
2132	Unicorn-47004.exe
1044	Unicorn-53134.exe
1980	Unicorn-53134.exe
2908	Unicorn-61037.exe
2188	Unicorn-2262.exe
2308	Unicorn-2817.exe
2200	Unicorn-64675.exe
2036	Unicorn-17704.exe
1796	Unicorn-27919.exe
2092	Unicorn-11561.exe
1860	Unicorn-35511.exe
1684	Unicorn-64483.exe
1040	Unicorn-46101.exe
1292	Unicorn-10933.exe
1644	Unicorn-23451.exe
2972	Unicorn-24411.exe
292	Unicorn-15480.exe
376	Unicorn-16797.exe
464	Unicorn-63928.exe
2508	Unicorn-60399.exe
872	Unicorn-22896.exe
1556	Unicorn-26980.exe
2196	Unicorn-33101.exe
2804	Unicorn-36086.exe
2608	Unicorn-47592.exe
2596	Unicorn-63279.exe
2600	Unicorn-59460.exe
2620	Unicorn-55931.exe
304	Unicorn-51484.exe
592	Unicorn-17642.exe
2256	Unicorn-14535.exe
1220	Unicorn-16159.exe
2204	Unicorn-4312.exe
2104	Unicorn-40804.exe
2148	Unicorn-41069.exe
1232	Unicorn-41623.exe
2340	Unicorn-3742.exe
1852	Unicorn-20841.exe
2764	Unicorn-41815.exe
852	Unicorn-61681.exe
1760	Unicorn-63335.exe
1744	Unicorn-12096.exe
2136	Unicorn-20265.exe
2440	Unicorn-28987.exe
1132	Unicorn-27471.exe
2168	Unicorn-38521.exe
1200	Unicorn-26823.exe
1000	Unicorn-35698.exe
1652	Unicorn-58156.exe
1656	Unicorn-64286.exe
2492	Unicorn-15256.exe
2976	Unicorn-35122.exe
1448	Unicorn-2257.exe

Loads dropped DLL 64 IoCs

pid	Process
2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe
2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe
2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe
2784	Unicorn-62018.exe
2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe
2784	Unicorn-62018.exe
2444	Unicorn-24913.exe
2700	Unicorn-32527.exe
2444	Unicorn-24913.exe
2700	Unicorn-32527.exe
2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe
2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe
2784	Unicorn-62018.exe
2784	Unicorn-62018.exe
2584	Unicorn-55744.exe
2584	Unicorn-55744.exe
2700	Unicorn-32527.exe
2700	Unicorn-32527.exe
696	Unicorn-44047.exe
696	Unicorn-44047.exe
2444	Unicorn-24913.exe
2784	Unicorn-62018.exe
2784	Unicorn-62018.exe
2444	Unicorn-24913.exe
2688	Unicorn-47576.exe
3044	Unicorn-49614.exe
2688	Unicorn-47576.exe
2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe
2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe
1272	WerFault.exe
1272	WerFault.exe
1272	WerFault.exe
1272	WerFault.exe
1272	WerFault.exe
984	Unicorn-19118.exe
984	Unicorn-19118.exe
2584	Unicorn-55744.exe
2584	Unicorn-55744.exe
2160	Unicorn-60897.exe
2160	Unicorn-60897.exe
2700	Unicorn-32527.exe
2700	Unicorn-32527.exe
2176	Unicorn-40882.exe
2176	Unicorn-40882.exe
696	Unicorn-44047.exe
696	Unicorn-44047.exe
1748	Unicorn-33268.exe
1748	Unicorn-33268.exe
2132	Unicorn-47004.exe
2444	Unicorn-24913.exe
2132	Unicorn-47004.exe
2444	Unicorn-24913.exe
2784	Unicorn-62018.exe
2784	Unicorn-62018.exe
2908	Unicorn-61037.exe
2908	Unicorn-61037.exe
2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe
1980	Unicorn-53134.exe
2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe
1980	Unicorn-53134.exe
2688	Unicorn-47576.exe
2688	Unicorn-47576.exe
2188	Unicorn-2262.exe
2188	Unicorn-2262.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1272	3044	WerFault.exe	35
2432	1292	WerFault.exe	55
2820	1220	WerFault.exe	73
2752	2104	WerFault.exe	75
896	1760	WerFault.exe	83
1872	2340	WerFault.exe	79
1940	2136	WerFault.exe	85
2088	2584	WerFault.exe	34
1808	1724	WerFault.exe	114
2336	1000	WerFault.exe	90
2112	2036	WerFault.exe	49
3200	2256	WerFault.exe	72
3348	2040	WerFault.exe	112
3340	636	WerFault.exe	106
3400	1056	WerFault.exe	117
3424	492	WerFault.exe	109
3604	1756	WerFault.exe	136
3124	2440	WerFault.exe	86
4064	1132	WerFault.exe	87
4084	592	WerFault.exe	71
3132	2772	WerFault.exe	128
3108	1372	WerFault.exe	138
3236	2852	WerFault.exe	129
3112	1792	WerFault.exe	107
3960	2200	WerFault.exe	48
4092	1556	WerFault.exe	63
3460	2516	WerFault.exe	126
3184	852	WerFault.exe	81
3544	2308	WerFault.exe	47
3332	2804	WerFault.exe	65
4884	1720	WerFault.exe	137
5112	2196	WerFault.exe	64
4168	2776	WerFault.exe	146
4120	1744	WerFault.exe	84
5096	1200	WerFault.exe	89
4160	1592	WerFault.exe	122
4668	1040	WerFault.exe	54
4720	2740	WerFault.exe	130
4716	2000	WerFault.exe	140
4824	1508	WerFault.exe	141
4340	2904	WerFault.exe	102
4664	2976	WerFault.exe	94
4156	2496	WerFault.exe	96
5400	2508	WerFault.exe	61
5408	2620	WerFault.exe	69
5384	2972	WerFault.exe	58
5376	1684	WerFault.exe	53
5440	1680	WerFault.exe	145
5432	372	WerFault.exe	154
5472	1848	WerFault.exe	121
5464	1540	WerFault.exe	135
5480	2492	WerFault.exe	93
5488	1216	WerFault.exe	111
5448	1688	WerFault.exe	103
5456	2248	WerFault.exe	116
5496	2616	WerFault.exe	104
5504	1656	WerFault.exe	92
5728	832	WerFault.exe	156
5720	1316	WerFault.exe	155
5712	2896	WerFault.exe	147
5792	2296	WerFault.exe	134
5820	2744	WerFault.exe	131
5804	1852	WerFault.exe	80
5776	1596	WerFault.exe	120

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50001.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58970.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6602.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4746.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46232.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2759.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63335.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54652.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65126.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65394.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11886.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe
2784	Unicorn-62018.exe
2444	Unicorn-24913.exe
2700	Unicorn-32527.exe
2584	Unicorn-55744.exe
696	Unicorn-44047.exe
2688	Unicorn-47576.exe
3044	Unicorn-49614.exe
984	Unicorn-19118.exe
2160	Unicorn-60897.exe
2176	Unicorn-40882.exe
1980	Unicorn-53134.exe
1748	Unicorn-33268.exe
2132	Unicorn-47004.exe
2908	Unicorn-61037.exe
2188	Unicorn-2262.exe
2308	Unicorn-2817.exe
2200	Unicorn-64675.exe
2036	Unicorn-17704.exe
1796	Unicorn-27919.exe
2092	Unicorn-11561.exe
1860	Unicorn-35511.exe
1684	Unicorn-64483.exe
1040	Unicorn-46101.exe
1644	Unicorn-23451.exe
1292	Unicorn-10933.exe
2972	Unicorn-24411.exe
376	Unicorn-16797.exe
292	Unicorn-15480.exe
464	Unicorn-63928.exe
2508	Unicorn-60399.exe
872	Unicorn-22896.exe
1556	Unicorn-26980.exe
2196	Unicorn-33101.exe
2804	Unicorn-36086.exe
2608	Unicorn-47592.exe
2600	Unicorn-59460.exe
2596	Unicorn-63279.exe
2620	Unicorn-55931.exe
304	Unicorn-51484.exe
592	Unicorn-17642.exe
2256	Unicorn-14535.exe
1220	Unicorn-16159.exe
2148	Unicorn-41069.exe
2204	Unicorn-4312.exe
2104	Unicorn-40804.exe
1232	Unicorn-41623.exe
2340	Unicorn-3742.exe
1852	Unicorn-20841.exe
2764	Unicorn-41815.exe
852	Unicorn-61681.exe
1760	Unicorn-63335.exe
1744	Unicorn-12096.exe
2136	Unicorn-20265.exe
2440	Unicorn-28987.exe
1132	Unicorn-27471.exe
2168	Unicorn-38521.exe
1200	Unicorn-26823.exe
1000	Unicorn-35698.exe
1656	Unicorn-64286.exe
1652	Unicorn-58156.exe
2976	Unicorn-35122.exe
2492	Unicorn-15256.exe
1448	Unicorn-2257.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2784	2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe	30
PID 2192 wrote to memory of 2784	2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe	30
PID 2192 wrote to memory of 2784	2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe	30
PID 2192 wrote to memory of 2784	2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe	30
PID 2192 wrote to memory of 2444	2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe	32
PID 2192 wrote to memory of 2444	2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe	32
PID 2192 wrote to memory of 2444	2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe	32
PID 2192 wrote to memory of 2444	2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe	32
PID 2784 wrote to memory of 2700	2784	Unicorn-62018.exe	31
PID 2784 wrote to memory of 2700	2784	Unicorn-62018.exe	31
PID 2784 wrote to memory of 2700	2784	Unicorn-62018.exe	31
PID 2784 wrote to memory of 2700	2784	Unicorn-62018.exe	31
PID 2444 wrote to memory of 2688	2444	Unicorn-24913.exe	33
PID 2444 wrote to memory of 2688	2444	Unicorn-24913.exe	33
PID 2444 wrote to memory of 2688	2444	Unicorn-24913.exe	33
PID 2444 wrote to memory of 2688	2444	Unicorn-24913.exe	33
PID 2700 wrote to memory of 2584	2700	Unicorn-32527.exe	34
PID 2700 wrote to memory of 2584	2700	Unicorn-32527.exe	34
PID 2700 wrote to memory of 2584	2700	Unicorn-32527.exe	34
PID 2700 wrote to memory of 2584	2700	Unicorn-32527.exe	34
PID 2192 wrote to memory of 3044	2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe	35
PID 2192 wrote to memory of 3044	2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe	35
PID 2192 wrote to memory of 3044	2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe	35
PID 2192 wrote to memory of 3044	2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe	35
PID 2784 wrote to memory of 696	2784	Unicorn-62018.exe	36
PID 2784 wrote to memory of 696	2784	Unicorn-62018.exe	36
PID 2784 wrote to memory of 696	2784	Unicorn-62018.exe	36
PID 2784 wrote to memory of 696	2784	Unicorn-62018.exe	36
PID 2584 wrote to memory of 984	2584	Unicorn-55744.exe	37
PID 2584 wrote to memory of 984	2584	Unicorn-55744.exe	37
PID 2584 wrote to memory of 984	2584	Unicorn-55744.exe	37
PID 2584 wrote to memory of 984	2584	Unicorn-55744.exe	37
PID 2700 wrote to memory of 2160	2700	Unicorn-32527.exe	38
PID 2700 wrote to memory of 2160	2700	Unicorn-32527.exe	38
PID 2700 wrote to memory of 2160	2700	Unicorn-32527.exe	38
PID 2700 wrote to memory of 2160	2700	Unicorn-32527.exe	38
PID 696 wrote to memory of 2176	696	Unicorn-44047.exe	39
PID 696 wrote to memory of 2176	696	Unicorn-44047.exe	39
PID 696 wrote to memory of 2176	696	Unicorn-44047.exe	39
PID 696 wrote to memory of 2176	696	Unicorn-44047.exe	39
PID 2784 wrote to memory of 2132	2784	Unicorn-62018.exe	41
PID 2784 wrote to memory of 2132	2784	Unicorn-62018.exe	41
PID 2784 wrote to memory of 2132	2784	Unicorn-62018.exe	41
PID 2784 wrote to memory of 2132	2784	Unicorn-62018.exe	41
PID 2444 wrote to memory of 1748	2444	Unicorn-24913.exe	40
PID 2444 wrote to memory of 1748	2444	Unicorn-24913.exe	40
PID 2444 wrote to memory of 1748	2444	Unicorn-24913.exe	40
PID 2444 wrote to memory of 1748	2444	Unicorn-24913.exe	40
PID 3044 wrote to memory of 1272	3044	Unicorn-49614.exe	44
PID 3044 wrote to memory of 1272	3044	Unicorn-49614.exe	44
PID 3044 wrote to memory of 1272	3044	Unicorn-49614.exe	44
PID 3044 wrote to memory of 1272	3044	Unicorn-49614.exe	44
PID 2688 wrote to memory of 1980	2688	Unicorn-47576.exe	42
PID 2688 wrote to memory of 1980	2688	Unicorn-47576.exe	42
PID 2688 wrote to memory of 1980	2688	Unicorn-47576.exe	42
PID 2688 wrote to memory of 1980	2688	Unicorn-47576.exe	42
PID 2192 wrote to memory of 2908	2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe	45
PID 2192 wrote to memory of 2908	2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe	45
PID 2192 wrote to memory of 2908	2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe	45
PID 2192 wrote to memory of 2908	2192	6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe	45
PID 984 wrote to memory of 2188	984	Unicorn-19118.exe	46
PID 984 wrote to memory of 2188	984	Unicorn-19118.exe	46
PID 984 wrote to memory of 2188	984	Unicorn-19118.exe	46
PID 984 wrote to memory of 2188	984	Unicorn-19118.exe	46

C:\Users\Admin\AppData\Local\Temp\6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe
"C:\Users\Admin\AppData\Local\Temp\6e9302ccecbf99464b5426c447bcd160e0bfc03b8081c6c45b105b8ee94ecb23N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62018.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62018.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19118.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2262.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63928.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23703.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42416.exe
        10⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 248
        10⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8212.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56530.exe
        9⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6168.exe
        9⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35245.exe
        9⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 248
        9⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40593.exe
        8⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
        9⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 228
        9⤵
        Program crash
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42752.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58956.exe
        8⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        8⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 464 -s 240
        8⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26823.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
        8⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 220
        9⤵
        Program crash
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        8⤵
        
        PID:3516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
        8⤵
        Program crash
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45227.exe
        7⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10973.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 228
        8⤵
        Program crash
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51419.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
        7⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
        7⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38560.exe
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51087.exe
        7⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 220
        8⤵
        Program crash
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20256.exe
        7⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34389.exe
        8⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11485.exe
        8⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35107.exe
        8⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe
        7⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 248
        7⤵
        Program crash
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58156.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65311.exe
        7⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58550.exe
        8⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
        8⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58884.exe
        8⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
        8⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        7⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34456.exe
        7⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        7⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
        7⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
        7⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61730.exe
        6⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
        7⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49585.exe
        7⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57715.exe
        6⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26321.exe
        6⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
        6⤵
        
        PID:8596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 248
        6⤵
        
        PID:9576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22896.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64286.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33599.exe
        8⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
        9⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3890.exe
        9⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34815.exe
        9⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
        9⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 244
        8⤵
        Program crash
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36976.exe
        7⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62126.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52326.exe
        8⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 220
        8⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9961.exe
        7⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38702.exe
        7⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        7⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13682.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12986.exe
        7⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52785.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29689.exe
        8⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 224
        8⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        7⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 244
        7⤵
        Program crash
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27468.exe
        6⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
        7⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21687.exe
        7⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
        7⤵
        
        PID:8500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 248
        6⤵
        Program crash
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33101.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8261.exe
        6⤵
        
        PID:492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 492 -s 244
        7⤵
        Program crash
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42067.exe
        6⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
        7⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2217.exe
        7⤵
        
        PID:8836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 220
        6⤵
        Program crash
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49714.exe
        5⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
        6⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        7⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52105.exe
        7⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38046.exe
        7⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 228
        7⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        6⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
        6⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        6⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45028.exe
        6⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        6⤵
        
        PID:9628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 244
        5⤵
        Program crash
        
        PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64675.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26980.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35122.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
        9⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
        9⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 224
        9⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        8⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        8⤵
        Program crash
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25217.exe
        7⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1098.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56272.exe
        8⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 228
        8⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 244
        7⤵
        Program crash
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
        6⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53251.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
        8⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59866.exe
        8⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        7⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        7⤵
        Program crash
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        6⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
        7⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42849.exe
        7⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 228
        7⤵
        
        PID:8960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
        6⤵
        Program crash
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36086.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52566.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        8⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55429.exe
        8⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        7⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        7⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42624.exe
        7⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 224
        7⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
        6⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
        7⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 228
        7⤵
        
        PID:7588
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 244
        6⤵
        Program crash
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45520.exe
        5⤵
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe
        6⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37372.exe
        7⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 248
        7⤵
        Program crash
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45628.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        6⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10335.exe
        6⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27653.exe
        6⤵
        
        PID:7840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 248
        6⤵
        
        PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
        5⤵
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        6⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18617.exe
        6⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4138.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7224
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 248
        6⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64731.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24257.exe
        5⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe
        5⤵
        
        PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51769.exe
        5⤵
        
        PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5680.exe
        5⤵
        
        PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2937.exe
        5⤵
        
        PID:9520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17704.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41126.exe
        6⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        7⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        8⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 224
        8⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        7⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4096.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
        7⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
        7⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
        7⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
        6⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9264.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 228
        7⤵
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20141.exe
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63713.exe
        6⤵
        
        PID:5836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 244
        6⤵
        
        PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
        5⤵
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19812.exe
        7⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8776.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
        7⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
        6⤵
        
        PID:4140
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 224
        6⤵
        Program crash
        
        PID:5488
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 244
        5⤵
        Program crash
        
        PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63279.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
        5⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
        6⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
        7⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40510.exe
        8⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 228
        8⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
        7⤵
        Program crash
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        6⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
        7⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56545.exe
        7⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33125.exe
        6⤵
        
        PID:3408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 248
        6⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60355.exe
        5⤵
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31088.exe
        6⤵
        
        PID:5052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 248
        6⤵
        
        PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        5⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12426.exe
        5⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33636.exe
        5⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50340.exe
        5⤵
        
        PID:7188
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 244
        5⤵
        
        PID:8368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32195.exe
      4⤵
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        5⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41342.exe
        6⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
        6⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57807.exe
        6⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
        6⤵
        
        PID:2396
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 224
        6⤵
        
        PID:9568
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
        5⤵
        Program crash
        
        PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
      4⤵
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7709.exe
        5⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4746.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1052
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 244
        5⤵
        
        PID:6984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24612.exe
      4⤵
      PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
      4⤵
      PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48655.exe
      4⤵
      PID:6832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
      4⤵
      PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11692.exe
      4⤵
      PID:8508
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 188
        5⤵
        
        PID:9356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
      4⤵
      PID:9544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40882.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27919.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
        7⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
        8⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54201.exe
        9⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 228
        9⤵
        Program crash
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
        8⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 224
        8⤵
        Program crash
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32617.exe
        7⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        8⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 248
        8⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59363.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5754.exe
        7⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56235.exe
        7⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        7⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
        7⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24192.exe
        6⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57766.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
        8⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15569.exe
        8⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22854.exe
        8⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42311.exe
        7⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 244
        7⤵
        Program crash
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35492.exe
        6⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 224
        7⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49852.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
        6⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        6⤵
        
        PID:6704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32411.exe
        6⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
        6⤵
        
        PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55931.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52566.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53719.exe
        8⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 228
        8⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        7⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 244
        7⤵
        Program crash
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        6⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63937.exe
        7⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21080.exe
        7⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
        7⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
        6⤵
        
        PID:3120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 248
        6⤵
        Program crash
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45001.exe
        5⤵
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3059.exe
        6⤵
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65441.exe
        6⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        6⤵
        
        PID:5612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 248
        6⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46100.exe
        5⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60266.exe
        6⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1436.exe
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42788.exe
        5⤵
        
        PID:5972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 244
        5⤵
        
        PID:7124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11561.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
        6⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51357.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58363.exe
        8⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
        8⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        8⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
        8⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31818.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34443.exe
        7⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        7⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43025.exe
        7⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12416.exe
        7⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        6⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10973.exe
        7⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 228
        7⤵
        Program crash
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45554.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
        6⤵
        
        PID:4628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 224
        6⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
        5⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
        6⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17383.exe
        7⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 248
        7⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24740.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
        6⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42302.exe
        6⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1338.exe
        6⤵
        
        PID:7176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 248
        6⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        5⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13827.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44113.exe
        6⤵
        
        PID:5876
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 224
        6⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
        5⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57814.exe
        5⤵
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
        5⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35776.exe
        5⤵
        
        PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11015.exe
        5⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
        5⤵
        
        PID:9636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17642.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
        5⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23345.exe
        6⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5083.exe
        7⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 248
        7⤵
        Program crash
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe
        6⤵
        
        PID:4732
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 248
        6⤵
        
        PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47143.exe
        5⤵
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27776.exe
        6⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        6⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53265.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17044.exe
        6⤵
        
        PID:8480
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
        5⤵
        Program crash
        
        PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23949.exe
      4⤵
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35763.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33195.exe
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2987.exe
        6⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40681.exe
        6⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25072.exe
        6⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7796.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35224.exe
        5⤵
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1037.exe
        5⤵
        
        PID:7364
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 248
        5⤵
        
        PID:8236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36152.exe
      4⤵
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
        5⤵
        
        PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46214.exe
        5⤵
        
        PID:7544
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 228
        5⤵
        
        PID:8380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41179.exe
      4⤵
      PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
      4⤵
      PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17042.exe
      4⤵
      PID:6952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40897.exe
      4⤵
      PID:8020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
      4⤵
      PID:8568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
      4⤵
      PID:9528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47004.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64483.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41069.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
        6⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
        7⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 216
        7⤵
        Program crash
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14714.exe
        6⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8595.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32515.exe
        6⤵
        
        PID:5536
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 244
        6⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
        5⤵
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
        6⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42282.exe
        7⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64578.exe
        7⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14686.exe
        7⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41434.exe
        6⤵
        
        PID:4296
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 244
        6⤵
        Program crash
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55336.exe
        5⤵
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2567.exe
        6⤵
        
        PID:7636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 228
        6⤵
        
        PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
        5⤵
        
        PID:4436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 244
        5⤵
        Program crash
        
        PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41623.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        5⤵
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65394.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11176.exe
        7⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
        7⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5926.exe
        7⤵
        
        PID:8680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
        6⤵
        Program crash
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53121.exe
        5⤵
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57803.exe
        6⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48626.exe
        6⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14686.exe
        6⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
        5⤵
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58970.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46211.exe
        5⤵
        
        PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        5⤵
        
        PID:8100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3464.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        5⤵
        
        PID:9644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2772
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        5⤵
        Program crash
        
        PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34315.exe
      4⤵
      PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5795.exe
      4⤵
      PID:4212
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 248
      4⤵
      PID:5952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1292
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 244
      4⤵
      Program crash
      PID:2432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2340
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 220
      4⤵
      Program crash
      PID:1872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
    3⤵
    PID:2852
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 224
      4⤵
      Program crash
      PID:3236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
    3⤵
    PID:3012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50331.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
    3⤵
    PID:6012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6701.exe
    3⤵
    PID:6920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61308.exe
    3⤵
    PID:7804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
    3⤵
    PID:8612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24913.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24913.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53134.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12096.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
        7⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31840.exe
        8⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60397.exe
        8⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30733.exe
        8⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
        8⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
        8⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60888.exe
        8⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10822.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
        7⤵
        Program crash
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35925.exe
        6⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7750.exe
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50491.exe
        8⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
        8⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59761.exe
        8⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21817.exe
        8⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        7⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 244
        7⤵
        Program crash
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22232.exe
        6⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        7⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63736.exe
        7⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55450.exe
        7⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-843.exe
        6⤵
        
        PID:4080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 244
        6⤵
        Program crash
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
        6⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10973.exe
        7⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 228
        7⤵
        Program crash
        
        PID:4720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
        6⤵
        Program crash
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41301.exe
        5⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34030.exe
        6⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14725.exe
        7⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16998.exe
        7⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        7⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2689.exe
        7⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 220
        7⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
        6⤵
        
        PID:4804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        6⤵
        Program crash
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41248.exe
        5⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
        6⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7344
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 220
        6⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
        5⤵
        
        PID:5088
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 248
        5⤵
        
        PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16797.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
        6⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 244
        7⤵
        Program crash
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57698.exe
        6⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45032.exe
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
        7⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        7⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20551.exe
        7⤵
        
        PID:8968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 244
        6⤵
        Program crash
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58894.exe
        5⤵
        
        PID:1056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 244
        6⤵
        Program crash
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35383.exe
        5⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        6⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        6⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
        5⤵
        
        PID:5100
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 244
        5⤵
        
        PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63335.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 244
        5⤵
        Program crash
        
        PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55718.exe
      4⤵
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        5⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14682.exe
        6⤵
        
        PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39701.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62124.exe
        5⤵
        
        PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8254.exe
        5⤵
        
        PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
        5⤵
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30249.exe
        5⤵
        
        PID:8620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
      4⤵
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54127.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54797.exe
      4⤵
      PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12127.exe
      4⤵
      PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3991.exe
      4⤵
      PID:7008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
      4⤵
      PID:7696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55287.exe
      4⤵
      PID:8536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33268.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35511.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14535.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7109.exe
        6⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        8⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 228
        8⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46479.exe
        7⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 244
        7⤵
        Program crash
        
        PID:5496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 228
        6⤵
        Program crash
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        5⤵
        
        PID:636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 240
        6⤵
        Program crash
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6602.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3468
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 224
        6⤵
        
        PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14678.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55048.exe
        5⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
        5⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        5⤵
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
        5⤵
        
        PID:8276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16159.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1220
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 244
        5⤵
        Program crash
        
        PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
      4⤵
      PID:2040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 220
        5⤵
        Program crash
        
        PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54652.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33961.exe
        5⤵
        
        PID:7652
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        5⤵
        
        PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
      4⤵
      PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38512.exe
      4⤵
      PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-119.exe
      4⤵
      PID:7044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11347.exe
      4⤵
      PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39909.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60397.exe
        6⤵
        
        PID:4244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 224
        6⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
        5⤵
        
        PID:336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22767.exe
        5⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29666.exe
        5⤵
        
        PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55007.exe
        5⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19372.exe
        5⤵
        
        PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45063.exe
        5⤵
        
        PID:9440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44512.exe
      4⤵
      PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55898.exe
        5⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41502.exe
        5⤵
        
        PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40546.exe
        5⤵
        
        PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13152.exe
        5⤵
        
        PID:8932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
      4⤵
      PID:996
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 236
      4⤵
      Program crash
      PID:4668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2104
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 224
      4⤵
      Program crash
      PID:2752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38116.exe
    3⤵
    PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37621.exe
      4⤵
      PID:3508
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 224
        5⤵
        
        PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11414.exe
      4⤵
      PID:4324
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 220
      4⤵
      Program crash
      PID:5776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2513.exe
      4⤵
      PID:8540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
    3⤵
    PID:4736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50575.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50575.exe
    3⤵
    PID:6032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
    3⤵
    PID:7108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
    3⤵
    PID:8064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
    3⤵
    PID:8464
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49614.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49614.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53134.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53134.exe
    3⤵
    - Executes dropped EXE
    PID:1044
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61037.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61037.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23451.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20841.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43539.exe
        5⤵
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
        6⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        7⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 228
        7⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23474.exe
        6⤵
        
        PID:4188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        6⤵
        Program crash
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62680.exe
        5⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40510.exe
        6⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        6⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
        5⤵
        
        PID:4444
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
        5⤵
        Program crash
        
        PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
      4⤵
      PID:1756
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 244
        5⤵
        Program crash
        
        PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31765.exe
      4⤵
      PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        5⤵
        
        PID:4852
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 248
        5⤵
        
        PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
      4⤵
      PID:4936
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 244
      4⤵
      PID:5884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47047.exe
      4⤵
      PID:440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
        5⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23375.exe
        6⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        6⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27449.exe
        5⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-671.exe
        5⤵
        
        PID:5956
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 440 -s 228
        5⤵
        
        PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
      4⤵
      PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31486.exe
        5⤵
        
        PID:8560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41377.exe
      4⤵
      PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14704.exe
      4⤵
      PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65126.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
      4⤵
      PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13490.exe
      4⤵
      PID:8448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
    3⤵
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
      4⤵
      PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2759.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7676
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 224
        5⤵
        
        PID:8332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
      4⤵
      PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57848.exe
      4⤵
      PID:5900
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 228
      4⤵
      PID:7148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
    3⤵
    PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65014.exe
      4⤵
      PID:7820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
      4⤵
      PID:9032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2204.exe
    3⤵
    PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
    3⤵
    PID:5596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
    3⤵
    PID:6404
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 248
    3⤵
    PID:7644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20265.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2136
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 244
      4⤵
      Program crash
      PID:1940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
    3⤵
    PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37896.exe
      4⤵
      PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
        5⤵
        
        PID:8432
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 236
      4⤵
      Program crash
      PID:4884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
    3⤵
    PID:3488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14460.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14460.exe
    3⤵
    PID:4172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
    3⤵
    PID:6912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56422.exe
    3⤵
    PID:8912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27471.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27471.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
    3⤵
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
      4⤵
      PID:4620
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 228
      4⤵
      Program crash
      PID:5712
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 236
    3⤵
    - Program crash
    PID:4064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
  2⤵
  PID:2544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
    3⤵
    PID:4684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11762.exe
    3⤵
    PID:5512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14724.exe
    3⤵
    PID:6400
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 248
    3⤵
    PID:7776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22267.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22267.exe
  2⤵
  PID:3504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42962.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42962.exe
  2⤵
  PID:4780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11501.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11501.exe
  2⤵
  PID:6352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17004.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17004.exe
  2⤵
  PID:7200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29480.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29480.exe
  2⤵
  PID:8256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37938.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37938.exe
  2⤵
  PID:9536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe

Filesize
468KB

MD5
98758bb925c360ea9c65ca5eabffd5bb

SHA1
b01cc59a322a9fca0893beda32cfaf6d9ab60c05

SHA256
e19c6873ee8cb51e2606792fd1ca1b688eadedd84360534770ff2d497058d1a3

SHA512
b50bbb6e8ecaeef74723f4f316859848cefc43552260b21c92447d2d392a1d34d8d0b23978e760e8713bb040792cc92ae18ee9eac6fcad4433b0142e56021b66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32515.exe

Filesize
468KB

MD5
392ee24eeeb5554c87337a736894f440

SHA1
002a35dd5290e81c0a58488fbf58b3c935f8ec9e

SHA256
de72c13f95fecaeb6deb508f1295e12257733e2569dec96f3d6a05d3862415f9

SHA512
d856a2af0eea76fbd7f2182478783a005f795e0a0ed2d1e64a6a157dc7d717ece757579f8367d821ff9aa7678d120ccd645f6f7f62d94817f6ffe3a5c61a3163

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33268.exe

Filesize
468KB

MD5
350cc7bc2f7f15e78fe68f840bf41af1

SHA1
6ae64efd01bedb4ddd5d31821a928a6dfc75d2f8

SHA256
beb4495e48f2d3d025b08b414825ab1ff93edc7c4986fb4b3aae13b9a0364182

SHA512
867faf8ce516e24422e37ff1c46f4804ff6cacc63c3df666943fa3fd49d6fffdb27cf7e22533c112e25195f40ef4137f85a066d85cfbcc7b2d9e214e29e47c5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe

Filesize
468KB

MD5
c4c7f7b93e4121f2eb069bf3ed8874e3

SHA1
92142d56b0b5872e74fdf260629509b81712a0ca

SHA256
f3dca33cd916eaa983790f2e477b31f1f5f72778a07c5682284e1452750122f0

SHA512
c7d5142a91ce87f1234236fa62047317e2c519700d9b8decb3145be8848f4de58ebee48bebcc0290c218dab55cdce9e943f101f6864ba29cebc039aef44b927e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40882.exe

Filesize
468KB

MD5
cee0c977000d9f3454b5503883c59524

SHA1
89b835ad7b74fb5f46c2c2d0c0612508f2ccef6c

SHA256
1d2179572ba83a86709233468f5afa3996d7df58fb64031c98106057bc84e2e8

SHA512
7193d4b2b9754e45b864589ae02a8195f5c221b01917eb5660b2c7d0d688b66e960282770a058ceeb8b8c6b5780b34f4a32e1b7544a96e12bd54a0a25fa6f660

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe

Filesize
468KB

MD5
2e6c8232bd6fdbbfc9e897be7c73a4a2

SHA1
0f1092cf1da411af190586b52c9fcd745529e523

SHA256
8deb74cac2a95106114d1991d279f4250a180aa55b565dd4632c388c4762797f

SHA512
73c14b9a2d8f7a9d7eb6f568b19869faf684917cc4fbf581e3f21ed3fae99efd0fd90421af7301ca60b4072124799c9147ea37902c57290a2e119763c4d3403b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47004.exe

Filesize
468KB

MD5
4e29538d65a9fcfed52c7b19dadeae9d

SHA1
131b9de7f3a178decd784525e7b85db9fe13166e

SHA256
7f5b7fc4728e5389e6c4524675301a38503fdd164b9cee843b2402554d507b35

SHA512
fcfadbf1f4375b59218d1149a1fdbbb464f9b0699fd7d6a30b8eea9ffbdb6291483c11b352a0812bdb865563794540a6e3a6b78531e82f87b6e23a407f3c1848

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53134.exe

Filesize
468KB

MD5
ebe9170b8dd2f8934f800336a56a8643

SHA1
8e8a663d10f1428f9f740dc02cfa491bf84de0e4

SHA256
e7bfc558a4a639ffb10e6a1305903c1b297229694964ce07f482a769513a4e9a

SHA512
839e87b96d3b2e7c7a3c07cc820f7f9f144abd981b043b22d45d48319884c37441aaab8f3b15bba74f5895f3db7d899bd22c3f8ce6a3b5c0adf92fef64b7437e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe

Filesize
468KB

MD5
1bec0f493140517f2a02f195339a42ca

SHA1
ff022b4b510ab00d438babe9587018bac467da5e

SHA256
7b11b9c16aa8fa41c0eff4575ff84defa2c8a3f630bb4f58cb175c3856b38bdb

SHA512
d6e924c487bb65cd5ebfe4e160954f3a9aa13203260b7ece50c65abd401a884a2a600b10349c918174ffe43fb88242aaaa4c1256f8992e917a2c756529168345

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19118.exe

Filesize
468KB

MD5
8f52a01b5ab057733ea859e438d67469

SHA1
98b03ebdeab48e4b0a2d9daca46234db108169e1

SHA256
98947db8caf428ec73c6a6ce2a54e058bba7b0c578bc31255af2ed92ace7bd33

SHA512
27cc224cb4b07746092925da4e99a415a7c8297f20a259908d4d4e6c8ae3e3dcb31539acf3cb7a7dade0a6c21b53bfe62432ad265727369b4b82e07edef02bda

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2262.exe

Filesize
468KB

MD5
35d5a451dbc10ca668467fe38fa36bcc

SHA1
cb0572ff4744f1f40d60274d6282882d2c4919ac

SHA256
cf4502d84d532dd8e98664b709fbe9ca888ebe984e898694486be898970e1a62

SHA512
7bb190d73daa968eafb9c3433ebb1b59fa34be33a9437969fd685df0552a239dcf6422eb400138d9a3fb793781d2a4936b3d81dc71f757d5495435034bea400f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24913.exe

Filesize
468KB

MD5
c903185d9bb0714cd63328e49acea3e9

SHA1
e536e87deed610f0e67e43071265e0a9670fd13b

SHA256
599714c7dfda835b10ae63d41fd86836527b19dba07d4cb04257f8e3cb3f9953

SHA512
ecbfecd87f67aa4b6e24053c398aafd7317e53ade6b1ac73dac0e7a304425b25cd78eeacd18a052a483e4d1b2fb81055135381bfe5bde0b0a8898da9fb352a8b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe

Filesize
468KB

MD5
ec4d8e2a70bcefa46ca3bd7940de6d80

SHA1
53989bd3320f3e4fc30a58119dfd86f90a82d574

SHA256
ef09dfcb3bf9aff64b378b7229ca21e7b3f1458a4194ce688d8d54c776aae375

SHA512
ce3be078102543d9ca3f6c54b4a52b1d4cc7c8de1af9d4b96b45c57d4ca19dde2c4e1af4064e5266a8fce278ebad31f262bd4dbc6c67710b71b1fc1230881748

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe

Filesize
468KB

MD5
272dee2c9316cb7c7fbd7766d0a451b3

SHA1
ce1673b459950001cf109c4eb2e0568e70d9de43

SHA256
6a0a69a5eb10aa70fdb179d97fcbc5324290504753d2757d995baf218d2d7a96

SHA512
5edc78b7bc3ecc1f3811703b298dc93701c51168b2a4b489164beb216098f8b72196d97abf43cddb26b0915b2ed95ca28d30cc0de5812061442bfbca7ac0c5bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe

Filesize
468KB

MD5
04eb6f776ba436fdd5c8fe67a17de462

SHA1
a45e3dffe59b32a21b1231df95267a02cbecacab

SHA256
450871fba2862a23de00cbc89112972e6af76635eb2172da0b21749de4dcc611

SHA512
d49bcb647b20e377f88d5fcce4946490d96c5642a3e9a91be227ee70c4bb2fd577ad0007b20512938bc580e63b5e39bb8df941e74a587e8a8ebda5d19ac8d197

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49614.exe

Filesize
468KB

MD5
5ee1bb64f3eccea7d95ff9d7ffaa9803

SHA1
248b8fa659ac004a5f461f1ddf8d4070f3603b6d

SHA256
1e6e5b35d49d5eb435101e771f4f7823abc8f89984189d5d28da16918ac3ee79

SHA512
63416c85c8b0ee3f3c71099b07809722f500f99a5d92cc7f18e1f75af92b5664de014df2fadfc08d49d4aa723a69babfce81b36761d6ec82372bb2f42b74b7e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe

Filesize
468KB

MD5
4e5236f4abc883fb7dbf63a6c58e96c0

SHA1
477dfb1a1cafa483172aad07746149f8b6e5430f

SHA256
de1d1435d30397371fd8da03cba396c209a3287aa7369e1531f9bb3e28e41445

SHA512
8f48de1b9c88525a67d94a78246a6d6830b809481f8e9823c55e9940be4ac6ca2bc52b92bdfbaa8ff0c5673d4fa795cce38c92eda356d5b3b052f85208e438e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe

Filesize
468KB

MD5
5990d77e48e4f223aeb3cb99f799f2c1

SHA1
50ddf8c75546a73ceeb720fb2763d72687c1c9cf

SHA256
eacb3c00bb3ecaa574453e2d14b6bbed4a30c02593f89e80dcd8fc5f2c81a43c

SHA512
4e483f32f1188ab2fa17b7b15900e76e053c2af845324904d74ce7ab97f844f67ee2ae98f156cc83bfce186225c7890b206f313eea0c88fdfef3a5e7bf627296

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61037.exe

Filesize
468KB

MD5
1daba613361845d3e0f358ec82a4612a

SHA1
30d395613bded4ee8cfa0932654448bd24285e1c

SHA256
848ea988d7fbc2d3b55278fed18351127595645788af30441b8bc73aff31eeca

SHA512
f859b38c58b8a96ab545ba5ff560af0d61e7b3ccf9ef6b6ebb4d2307db68e8bb82c80de76d86c7773dc755127f3ccfa4dc2caaec1f9e3db545901bfb0ce4b5cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62018.exe

Filesize
468KB

MD5
6e3f0beaa020c0a9e4dec489993bdc25

SHA1
f7b3efdf1163e6dca533baa71048a304b1e088d2

SHA256
deeb39ec640593c644b0055c6205819d3c28e553905f6308b7c299e87809c6fb

SHA512
e38b7269b25c4f59b63cec0ba6e9447f0c9f8fc55077d74767fb92ff54ceed4c8a66648348bf1e1a73f4c4279aaa4a4fb96a1fd365f41f289b5945f40608ae61

Download Submit