70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 15:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe
Size

468KB
MD5

b33606c7f89801666b13074bacc4a480
SHA1

44dc51bcfe3eff3c4ff4b9d3e9061b10db1369ef
SHA256

70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0
SHA512

01934649427d6355e2e3378c0af85a2991c3e9a969b64222912bdee54082f8eb04a622866f34152940a069f491b15a8f4deb5bbe62c76a03b8bb1c20445e1995
SSDEEP

3072:1G3HogLSIE5TtbY2HzcOcf8/uChaP0pWJVHeTVPMQ7QL6JOgE2lu:1G3okMTtxH4Ocf5YnKQ7aiOgE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1032	Unicorn-53757.exe
2100	Unicorn-13082.exe
2884	Unicorn-54670.exe
1964	Unicorn-44624.exe
2784	Unicorn-28842.exe
2632	Unicorn-28096.exe
2748	Unicorn-5629.exe
2776	Unicorn-27385.exe
2532	Unicorn-3627.exe
2604	Unicorn-3072.exe
2568	Unicorn-11795.exe
2980	Unicorn-31661.exe
664	Unicorn-61136.exe
1804	Unicorn-55271.exe
2284	Unicorn-26830.exe
1560	Unicorn-32428.exe
1584	Unicorn-24967.exe
3016	Unicorn-51724.exe
2588	Unicorn-8438.exe
2676	Unicorn-53555.exe
2460	Unicorn-32294.exe
1688	Unicorn-24945.exe
1472	Unicorn-48895.exe
2008	Unicorn-21053.exe
2352	Unicorn-34788.exe
1540	Unicorn-40919.exe
900	Unicorn-22536.exe
684	Unicorn-18828.exe
1504	Unicorn-52247.exe
1940	Unicorn-15704.exe
1720	Unicorn-58966.exe
1328	Unicorn-7727.exe
2088	Unicorn-56352.exe
2948	Unicorn-16066.exe
2096	Unicorn-59475.exe
2168	Unicorn-3067.exe
2996	Unicorn-29993.exe
2708	Unicorn-31277.exe
2696	Unicorn-44292.exe
2528	Unicorn-48931.exe
2520	Unicorn-53420.exe
2744	Unicorn-45252.exe
2496	Unicorn-44987.exe
832	Unicorn-53975.exe
980	Unicorn-12387.exe
2300	Unicorn-41360.exe
1440	Unicorn-21494.exe
1056	Unicorn-45444.exe
1520	Unicorn-62335.exe
1196	Unicorn-10533.exe
2720	Unicorn-60939.exe
2200	Unicorn-19631.exe
2680	Unicorn-39497.exe
1848	Unicorn-6995.exe
480	Unicorn-20730.exe
744	Unicorn-26596.exe
1336	Unicorn-26861.exe
1304	Unicorn-6632.exe
1936	Unicorn-61955.exe
2148	Unicorn-2548.exe
1632	Unicorn-64001.exe
1324	Unicorn-12195.exe
2876	Unicorn-15725.exe
2888	Unicorn-19576.exe

Loads dropped DLL 64 IoCs

pid	Process
2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe
2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe
2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe
1032	Unicorn-53757.exe
2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe
1032	Unicorn-53757.exe
2100	Unicorn-13082.exe
2100	Unicorn-13082.exe
1032	Unicorn-53757.exe
1032	Unicorn-53757.exe
2884	Unicorn-54670.exe
2884	Unicorn-54670.exe
2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe
2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe
1964	Unicorn-44624.exe
1964	Unicorn-44624.exe
2100	Unicorn-13082.exe
2100	Unicorn-13082.exe
2632	Unicorn-28096.exe
2632	Unicorn-28096.exe
2884	Unicorn-54670.exe
2784	Unicorn-28842.exe
2884	Unicorn-54670.exe
2784	Unicorn-28842.exe
2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe
1032	Unicorn-53757.exe
2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe
1032	Unicorn-53757.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2776	Unicorn-27385.exe
2776	Unicorn-27385.exe
1964	Unicorn-44624.exe
1964	Unicorn-44624.exe
664	Unicorn-61136.exe
664	Unicorn-61136.exe
2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe
2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe
1804	Unicorn-55271.exe
1804	Unicorn-55271.exe
2980	Unicorn-31661.exe
2980	Unicorn-31661.exe
1032	Unicorn-53757.exe
1032	Unicorn-53757.exe
2784	Unicorn-28842.exe
2784	Unicorn-28842.exe
2604	Unicorn-3072.exe
2604	Unicorn-3072.exe
2632	Unicorn-28096.exe
2632	Unicorn-28096.exe
2100	Unicorn-13082.exe
2568	Unicorn-11795.exe
2100	Unicorn-13082.exe
2568	Unicorn-11795.exe
2560	WerFault.exe
2560	WerFault.exe
2560	WerFault.exe
2560	WerFault.exe
2884	Unicorn-54670.exe
2884	Unicorn-54670.exe
2560	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2924	2748	WerFault.exe	34
2560	2532	WerFault.exe	36
2780	2460	WerFault.exe	49
1820	2676	WerFault.exe	48
2804	1504	WerFault.exe	60
2196	1328	WerFault.exe	63
444	1560	WerFault.exe	44
1788	1720	WerFault.exe	62
1808	2520	WerFault.exe	73
2176	1472	WerFault.exe	51
2800	2588	WerFault.exe	47
3012	832	WerFault.exe	76
2812	1324	WerFault.exe	99
1672	1632	WerFault.exe	98
2672	1708	WerFault.exe	115
2572	2624	WerFault.exe	129
2664	1440	WerFault.exe	80
2004	2568	WerFault.exe	38
2828	2148	WerFault.exe	97
1960	2088	WerFault.exe	64
3644	2580	WerFault.exe	106
3152	1416	WerFault.exe	185
3304	2168	WerFault.exe	68
3340	1288	WerFault.exe	141
3516	1688	WerFault.exe	50
3524	2600	WerFault.exe	167
3284	1848	WerFault.exe	89
3824	2904	WerFault.exe	132
3252	2252	WerFault.exe	109
3612	1304	WerFault.exe	93
3624	2936	WerFault.exe	179
3928	2948	WerFault.exe	65
4176	2692	WerFault.exe	104
4148	1736	WerFault.exe	110
4132	2876	WerFault.exe	100
5056	1600	WerFault.exe	154
5068	2684	WerFault.exe	143
4380	2996	WerFault.exe	69
4468	2444	WerFault.exe	158
4460	2512	WerFault.exe	170
4432	264	WerFault.exe	180
4512	1548	WerFault.exe	147
4504	2808	WerFault.exe	118
4888	2776	WerFault.exe	35
4904	1892	WerFault.exe	137
4968	2540	WerFault.exe	108
4956	480	WerFault.exe	91
4928	2544	WerFault.exe	131
5028	2796	WerFault.exe	130
5036	2464	WerFault.exe	134
4284	3172	WerFault.exe	187
4652	1916	WerFault.exe	138
4620	2308	WerFault.exe	149
5248	2632	WerFault.exe	33
5216	2536	WerFault.exe	184
5208	540	WerFault.exe	150
5200	1592	WerFault.exe	140
5172	2272	WerFault.exe	148
5156	2680	WerFault.exe	87
5140	1988	WerFault.exe	102
5132	2296	WerFault.exe	112
5124	1624	WerFault.exe	151
5260	2496	WerFault.exe	75
5524	1936	WerFault.exe	96

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10377.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6632.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-629.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36154.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe
1032	Unicorn-53757.exe
2100	Unicorn-13082.exe
2884	Unicorn-54670.exe
1964	Unicorn-44624.exe
2632	Unicorn-28096.exe
2784	Unicorn-28842.exe
2748	Unicorn-5629.exe
2776	Unicorn-27385.exe
2532	Unicorn-3627.exe
664	Unicorn-61136.exe
2980	Unicorn-31661.exe
2604	Unicorn-3072.exe
1804	Unicorn-55271.exe
2568	Unicorn-11795.exe
2284	Unicorn-26830.exe
1560	Unicorn-32428.exe
1584	Unicorn-24967.exe
3016	Unicorn-51724.exe
2588	Unicorn-8438.exe
2676	Unicorn-53555.exe
2460	Unicorn-32294.exe
1688	Unicorn-24945.exe
1472	Unicorn-48895.exe
900	Unicorn-22536.exe
2008	Unicorn-21053.exe
1540	Unicorn-40919.exe
2352	Unicorn-34788.exe
684	Unicorn-18828.exe
1504	Unicorn-52247.exe
1940	Unicorn-15704.exe
1720	Unicorn-58966.exe
1328	Unicorn-7727.exe
2088	Unicorn-56352.exe
2948	Unicorn-16066.exe
2096	Unicorn-59475.exe
2168	Unicorn-3067.exe
2708	Unicorn-31277.exe
2996	Unicorn-29993.exe
2696	Unicorn-44292.exe
2528	Unicorn-48931.exe
2520	Unicorn-53420.exe
2744	Unicorn-45252.exe
2496	Unicorn-44987.exe
980	Unicorn-12387.exe
832	Unicorn-53975.exe
1440	Unicorn-21494.exe
2300	Unicorn-41360.exe
1056	Unicorn-45444.exe
1196	Unicorn-10533.exe
1520	Unicorn-62335.exe
2720	Unicorn-60939.exe
1336	Unicorn-26861.exe
1304	Unicorn-6632.exe
2200	Unicorn-19631.exe
1848	Unicorn-6995.exe
480	Unicorn-20730.exe
744	Unicorn-26596.exe
2680	Unicorn-39497.exe
2148	Unicorn-2548.exe
1936	Unicorn-61955.exe
1632	Unicorn-64001.exe
1324	Unicorn-12195.exe
2888	Unicorn-19576.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 1032	2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe	28
PID 2872 wrote to memory of 1032	2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe	28
PID 2872 wrote to memory of 1032	2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe	28
PID 2872 wrote to memory of 1032	2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe	28
PID 1032 wrote to memory of 2100	1032	Unicorn-53757.exe	29
PID 1032 wrote to memory of 2100	1032	Unicorn-53757.exe	29
PID 1032 wrote to memory of 2100	1032	Unicorn-53757.exe	29
PID 1032 wrote to memory of 2100	1032	Unicorn-53757.exe	29
PID 2872 wrote to memory of 2884	2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe	30
PID 2872 wrote to memory of 2884	2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe	30
PID 2872 wrote to memory of 2884	2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe	30
PID 2872 wrote to memory of 2884	2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe	30
PID 2100 wrote to memory of 1964	2100	Unicorn-13082.exe	31
PID 2100 wrote to memory of 1964	2100	Unicorn-13082.exe	31
PID 2100 wrote to memory of 1964	2100	Unicorn-13082.exe	31
PID 2100 wrote to memory of 1964	2100	Unicorn-13082.exe	31
PID 1032 wrote to memory of 2784	1032	Unicorn-53757.exe	32
PID 1032 wrote to memory of 2784	1032	Unicorn-53757.exe	32
PID 1032 wrote to memory of 2784	1032	Unicorn-53757.exe	32
PID 1032 wrote to memory of 2784	1032	Unicorn-53757.exe	32
PID 2884 wrote to memory of 2632	2884	Unicorn-54670.exe	33
PID 2884 wrote to memory of 2632	2884	Unicorn-54670.exe	33
PID 2884 wrote to memory of 2632	2884	Unicorn-54670.exe	33
PID 2884 wrote to memory of 2632	2884	Unicorn-54670.exe	33
PID 2872 wrote to memory of 2748	2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe	34
PID 2872 wrote to memory of 2748	2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe	34
PID 2872 wrote to memory of 2748	2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe	34
PID 2872 wrote to memory of 2748	2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe	34
PID 1964 wrote to memory of 2776	1964	Unicorn-44624.exe	35
PID 1964 wrote to memory of 2776	1964	Unicorn-44624.exe	35
PID 1964 wrote to memory of 2776	1964	Unicorn-44624.exe	35
PID 1964 wrote to memory of 2776	1964	Unicorn-44624.exe	35
PID 2100 wrote to memory of 2532	2100	Unicorn-13082.exe	36
PID 2100 wrote to memory of 2532	2100	Unicorn-13082.exe	36
PID 2100 wrote to memory of 2532	2100	Unicorn-13082.exe	36
PID 2100 wrote to memory of 2532	2100	Unicorn-13082.exe	36
PID 2632 wrote to memory of 2604	2632	Unicorn-28096.exe	37
PID 2632 wrote to memory of 2604	2632	Unicorn-28096.exe	37
PID 2632 wrote to memory of 2604	2632	Unicorn-28096.exe	37
PID 2632 wrote to memory of 2604	2632	Unicorn-28096.exe	37
PID 2884 wrote to memory of 2568	2884	Unicorn-54670.exe	38
PID 2884 wrote to memory of 2568	2884	Unicorn-54670.exe	38
PID 2884 wrote to memory of 2568	2884	Unicorn-54670.exe	38
PID 2884 wrote to memory of 2568	2884	Unicorn-54670.exe	38
PID 2748 wrote to memory of 2924	2748	Unicorn-5629.exe	40
PID 2748 wrote to memory of 2924	2748	Unicorn-5629.exe	40
PID 2748 wrote to memory of 2924	2748	Unicorn-5629.exe	40
PID 2748 wrote to memory of 2924	2748	Unicorn-5629.exe	40
PID 2784 wrote to memory of 2980	2784	Unicorn-28842.exe	39
PID 2784 wrote to memory of 2980	2784	Unicorn-28842.exe	39
PID 2784 wrote to memory of 2980	2784	Unicorn-28842.exe	39
PID 2784 wrote to memory of 2980	2784	Unicorn-28842.exe	39
PID 2872 wrote to memory of 664	2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe	41
PID 2872 wrote to memory of 664	2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe	41
PID 2872 wrote to memory of 664	2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe	41
PID 2872 wrote to memory of 664	2872	70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe	41
PID 1032 wrote to memory of 1804	1032	Unicorn-53757.exe	42
PID 1032 wrote to memory of 1804	1032	Unicorn-53757.exe	42
PID 1032 wrote to memory of 1804	1032	Unicorn-53757.exe	42
PID 1032 wrote to memory of 1804	1032	Unicorn-53757.exe	42
PID 2776 wrote to memory of 2284	2776	Unicorn-27385.exe	43
PID 2776 wrote to memory of 2284	2776	Unicorn-27385.exe	43
PID 2776 wrote to memory of 2284	2776	Unicorn-27385.exe	43
PID 2776 wrote to memory of 2284	2776	Unicorn-27385.exe	43

C:\Users\Admin\AppData\Local\Temp\70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe
"C:\Users\Admin\AppData\Local\Temp\70eba7fa9d42b4d7ba0d1aaa9e4c8a2e87ee23d1aa5c23f08692f8c0254721c0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13082.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44624.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18828.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39497.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
        9⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
        10⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 224
        11⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 228
        10⤵
        Program crash
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12600.exe
        9⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 224
        9⤵
        Program crash
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21868.exe
        8⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64508.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
        9⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        9⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17591.exe
        9⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52314.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
        8⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45241.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45415.exe
        8⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27443.exe
        8⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19631.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        9⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62049.exe
        10⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33996.exe
        9⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 224
        9⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64541.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1136.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49080.exe
        8⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        8⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 248
        8⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
        8⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 248
        8⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
        7⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23879.exe
        7⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        7⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        7⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-629.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 244
        7⤵
        Program crash
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20730.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40971.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22397.exe
        9⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 228
        9⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-919.exe
        8⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 244
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41577.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2751.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51229.exe
        9⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64275.exe
        9⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57769.exe
        8⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
        8⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52614.exe
        8⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        8⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29677.exe
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
        8⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16029.exe
        8⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 236
        7⤵
        Program crash
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
        6⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        7⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
        8⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 236
        7⤵
        Program crash
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25014.exe
        6⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        7⤵
        
        PID:9108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
        6⤵
        Program crash
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26861.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49139.exe
        8⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
        9⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58053.exe
        10⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 228
        10⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61661.exe
        9⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24026.exe
        9⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        9⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 248
        9⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48423.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9101.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59999.exe
        9⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18027.exe
        8⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 236
        8⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        7⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34521.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
        9⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 248
        8⤵
        Program crash
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10902.exe
        7⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41188.exe
        8⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
        7⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
        7⤵
        
        PID:5748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 248
        6⤵
        Program crash
        
        PID:444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58966.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 244
        6⤵
        Program crash
        
        PID:1788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26596.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
        6⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6259.exe
        7⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60492.exe
        8⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12640.exe
        8⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 248
        7⤵
        Program crash
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        6⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
        7⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 248
        7⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17067.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        6⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63819.exe
        6⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14985.exe
        6⤵
        
        PID:7708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 244
        6⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52326.exe
        5⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        6⤵
        
        PID:5000
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 228
        6⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36164.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46204.exe
        5⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
        5⤵
        
        PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33202.exe
        5⤵
        
        PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
        5⤵
        
        PID:8500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2532
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
        6⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18896.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14607.exe
        8⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 248
        8⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        7⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 244
        7⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55091.exe
        6⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10907.exe
        7⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
        7⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19349.exe
        7⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19698.exe
        6⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        6⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35597.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9456.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35220.exe
        5⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        6⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 224
        7⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12979.exe
        6⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9879.exe
        6⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
        6⤵
        
        PID:8140
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 248
        6⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14965.exe
        5⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36735.exe
        6⤵
        
        PID:6840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
        6⤵
        
        PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32580.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37788.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        5⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe
        5⤵
        
        PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53462.exe
        5⤵
        
        PID:9020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
        5⤵
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1635.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54744.exe
        7⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 228
        7⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34743.exe
        6⤵
        
        PID:4804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 244
        6⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31162.exe
        5⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8914.exe
        6⤵
        
        PID:7088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
        6⤵
        
        PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48479.exe
        5⤵
        
        PID:4772
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 228
        5⤵
        
        PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46156.exe
      4⤵
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        6⤵
        
        PID:7320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        6⤵
        
        PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4268
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 244
        5⤵
        
        PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
      4⤵
      PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29527.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25987.exe
        5⤵
        
        PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27517.exe
        5⤵
        
        PID:8248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
      4⤵
      PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
      4⤵
      PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33207.exe
      4⤵
      PID:6540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
      4⤵
      PID:8900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28842.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53555.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
        6⤵
        Program crash
        
        PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4349.exe
        6⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
        7⤵
        
        PID:1288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 224
        8⤵
        Program crash
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60871.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29547.exe
        8⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
        7⤵
        Program crash
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18896.exe
        7⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        8⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        8⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        8⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
        7⤵
        Program crash
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16849.exe
        6⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
        7⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8364.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
        7⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41708.exe
        6⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12251.exe
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        7⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55578.exe
        6⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
        6⤵
        
        PID:7012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 224
        6⤵
        
        PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
        5⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
        6⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15579.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe
        8⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        8⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 224
        8⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
        7⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1009.exe
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
        7⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        7⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        7⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48999.exe
        6⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 220
        7⤵
        
        PID:8124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44996.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15360.exe
        6⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27495.exe
        6⤵
        
        PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40706.exe
        5⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        6⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        7⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        7⤵
        
        PID:9100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 248
        6⤵
        Program crash
        
        PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        5⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51608.exe
        6⤵
        
        PID:7628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 228
        6⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61946.exe
        5⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40945.exe
        5⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22948.exe
        5⤵
        
        PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64256.exe
        5⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        5⤵
        
        PID:8644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24945.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3067.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11806.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21309.exe
        7⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51608.exe
        8⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33460.exe
        8⤵
        
        PID:8676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
        7⤵
        Program crash
        
        PID:4928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 248
        6⤵
        Program crash
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1069.exe
        5⤵
        
        PID:2904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 244
        6⤵
        Program crash
        
        PID:3824
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 224
        5⤵
        Program crash
        
        PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15725.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        7⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 248
        7⤵
        
        PID:5796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
        6⤵
        Program crash
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
        5⤵
        
        PID:1416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 244
        6⤵
        Program crash
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17981.exe
        6⤵
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
        6⤵
        
        PID:8692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        5⤵
        Program crash
        
        PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31988.exe
      4⤵
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        5⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
        6⤵
        
        PID:3448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
        6⤵
        Program crash
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57717.exe
        5⤵
        
        PID:3752
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 244
        5⤵
        Program crash
        
        PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
      4⤵
      PID:264
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 244
        5⤵
        Program crash
        
        PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12558.exe
      4⤵
      PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
      4⤵
      PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
      4⤵
      PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35615.exe
      4⤵
      PID:7496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4777.exe
      4⤵
      PID:8892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45252.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
        6⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15371.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5543.exe
        8⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
        8⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
        8⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
        8⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
        8⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
        7⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5220.exe
        7⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 236
        7⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36154.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe
        7⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 208
        8⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 248
        7⤵
        Program crash
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7001.exe
        6⤵
        
        PID:4832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        6⤵
        
        PID:5532
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        5⤵
        Program crash
        
        PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:832
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 224
        5⤵
        Program crash
        
        PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48956.exe
      4⤵
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10535.exe
        5⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19076.exe
        6⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51644.exe
        6⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        6⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27260.exe
        5⤵
        
        PID:4128
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 244
        5⤵
        
        PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50379.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8530.exe
        5⤵
        
        PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30071.exe
        5⤵
        
        PID:7660
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 240
        5⤵
        
        PID:8540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
      4⤵
      PID:4960
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 248
      4⤵
      PID:5920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2460
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
      4⤵
      Program crash
      PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62678.exe
      4⤵
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16078.exe
        5⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22542.exe
        6⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        6⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
        6⤵
        
        PID:8240
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
        5⤵
        Program crash
        
        PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47333.exe
      4⤵
      PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51924.exe
        5⤵
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        5⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
        5⤵
        
        PID:8204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
      4⤵
      PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
      4⤵
      PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
      4⤵
      PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
      4⤵
      PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
      4⤵
      PID:9208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20876.exe
    3⤵
    PID:1708
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 224
      4⤵
      Program crash
      PID:2672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
      4⤵
      PID:5412
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 228
      4⤵
      PID:7048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
    3⤵
    PID:3444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
    3⤵
    PID:5364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26229.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26229.exe
    3⤵
    PID:6928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44752.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
    3⤵
    PID:8460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54670.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54670.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28096.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3072.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44292.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40260.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34900.exe
        9⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
        9⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        8⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 244
        8⤵
        Program crash
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
        7⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        8⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 216
        8⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
        7⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50255.exe
        7⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60617.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53392.exe
        7⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4033.exe
        7⤵
        
        PID:8568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 236
        6⤵
        Program crash
        
        PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48931.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
        6⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39129.exe
        7⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18616.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 216
        8⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
        7⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1110.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3745.exe
        7⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4390.exe
        7⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 248
        7⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39875.exe
        6⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
        7⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 228
        7⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
        6⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32056.exe
        6⤵
        
        PID:5828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 244
        6⤵
        
        PID:7056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
        5⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5911.exe
        6⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60855.exe
        7⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14119.exe
        7⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29764.exe
        7⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34743.exe
        6⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        6⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2671.exe
        6⤵
        
        PID:6800
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 224
        6⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9154.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        6⤵
        
        PID:6884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 248
        6⤵
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16898.exe
        5⤵
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51871.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        5⤵
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31132.exe
        5⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
        5⤵
        
        PID:8796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21053.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
        6⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
        8⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 248
        8⤵
        Program crash
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41764.exe
        7⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        7⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20657.exe
        7⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59538.exe
        7⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 228
        7⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
        6⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 224
        7⤵
        Program crash
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55500.exe
        6⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        6⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        6⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43002.exe
        6⤵
        
        PID:7780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 244
        6⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
        5⤵
        
        PID:2580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 224
        6⤵
        Program crash
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6304.exe
        5⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
        6⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
        6⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11726.exe
        6⤵
        
        PID:9068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
        5⤵
        
        PID:4660
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 244
        5⤵
        
        PID:5628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61718.exe
        5⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
        6⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23198.exe
        7⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56895.exe
        7⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1082.exe
        7⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40186.exe
        7⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8926.exe
        7⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18158.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62104.exe
        6⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53906.exe
        6⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61951.exe
        6⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10377.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42288.exe
        5⤵
        
        PID:3172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 224
        6⤵
        Program crash
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        5⤵
        
        PID:4160
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 248
        5⤵
        
        PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40841.exe
      4⤵
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31516.exe
        5⤵
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12045.exe
        6⤵
        
        PID:3812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 216
        6⤵
        Program crash
        
        PID:5124
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
        5⤵
        Program crash
        
        PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2444
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 224
        5⤵
        Program crash
        
        PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3300.exe
      4⤵
      PID:3872
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 244
      4⤵
      Program crash
      PID:5248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40919.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12387.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        6⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        7⤵
        Program crash
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        6⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 224
        7⤵
        Program crash
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64628.exe
        6⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30027.exe
        6⤵
        
        PID:5396
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
        6⤵
        
        PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33165.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61381.exe
        6⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
        7⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39521.exe
        7⤵
        
        PID:8784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 248
        6⤵
        Program crash
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9449.exe
        5⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17794.exe
        6⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
        6⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47196.exe
        6⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22933.exe
        5⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2293.exe
        5⤵
        
        PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
        5⤵
        
        PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
        5⤵
        
        PID:7692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 248
        5⤵
        
        PID:9036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21494.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51879.exe
        5⤵
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
        6⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 224
        7⤵
        Program crash
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1443.exe
        6⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 224
        7⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15744.exe
        6⤵
        
        PID:5104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 228
        6⤵
        
        PID:2204
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 236
        5⤵
        Program crash
        
        PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42625.exe
      4⤵
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1028.exe
        5⤵
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10950.exe
        6⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52912.exe
        6⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63417.exe
        6⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13055.exe
        6⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3503.exe
        6⤵
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
        5⤵
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24161.exe
        5⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57030.exe
        5⤵
        
        PID:6940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
        5⤵
        
        PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
        5⤵
        
        PID:8452
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 248
      4⤵
      Program crash
      PID:2004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53420.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2520
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 224
        5⤵
        Program crash
        
        PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
      4⤵
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        5⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        6⤵
        
        PID:7584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 228
        6⤵
        
        PID:8432
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 248
        5⤵
        Program crash
        
        PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
      4⤵
      PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57923.exe
        5⤵
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50876.exe
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47938.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
      4⤵
      PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2869.exe
      4⤵
      PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43007.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6676
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 244
      4⤵
      PID:7468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57826.exe
      4⤵
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24116.exe
        5⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
        6⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
        7⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
        6⤵
        
        PID:4984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 244
        6⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2979.exe
        5⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31177.exe
        5⤵
        
        PID:4540
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 216
        5⤵
        
        PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65511.exe
      4⤵
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21875.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
        5⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        5⤵
        
        PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33720.exe
        5⤵
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
        5⤵
        
        PID:8736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26911.exe
      4⤵
      PID:3428
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 248
      4⤵
      Program crash
      PID:5260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48558.exe
      4⤵
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
        5⤵
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
        5⤵
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12168.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8472
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 248
      4⤵
      Program crash
      PID:4176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27944.exe
    3⤵
    PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6835.exe
      4⤵
      PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
        5⤵
        
        PID:7720
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 228
        5⤵
        
        PID:8556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33264.exe
      4⤵
      PID:4756
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 244
      4⤵
      PID:6152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
    3⤵
    PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
      4⤵
      PID:7528
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 228
      4⤵
      PID:8700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57480.exe
    3⤵
    PID:5040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14079.exe
    3⤵
    PID:5728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe
    3⤵
    PID:6948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
    3⤵
    PID:7716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24429.exe
    3⤵
    PID:8480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5629.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5629.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24967.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7727.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1328
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
        5⤵
        Program crash
        
        PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6995.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13726.exe
        5⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        6⤵
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
        6⤵
        
        PID:4592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 224
        6⤵
        
        PID:6188
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 248
        5⤵
        Program crash
        
        PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40762.exe
      4⤵
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3576
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 228
        5⤵
        Program crash
        
        PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21811.exe
      4⤵
      PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
        5⤵
        
        PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54745.exe
      4⤵
      PID:4572
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 248
      4⤵
      PID:4684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16066.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6632.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28392.exe
        5⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63104.exe
        6⤵
        
        PID:4556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 228
        6⤵
        
        PID:5316
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 248
        5⤵
        Program crash
        
        PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45091.exe
      4⤵
      PID:796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
        5⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57471.exe
        5⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62343.exe
        5⤵
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60798.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7404
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 224
        5⤵
        
        PID:8932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31571.exe
      4⤵
      PID:3864
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
      4⤵
      Program crash
      PID:3928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61955.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
      4⤵
      PID:308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32129.exe
        5⤵
        
        PID:5604
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 224
        5⤵
        
        PID:7024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
      4⤵
      PID:3448
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 244
      4⤵
      Program crash
      PID:5524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38864.exe
    3⤵
    PID:996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32466.exe
      4⤵
      PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34738.exe
      4⤵
      PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14792.exe
      4⤵
      PID:6756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
      4⤵
      PID:7732
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 244
      4⤵
      PID:8608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
    3⤵
    PID:3852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5492
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 244
    3⤵
    PID:6912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56352.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2148
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
        5⤵
        Program crash
        
        PID:2828
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
      4⤵
      Program crash
      PID:1960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12195.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1324
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
      4⤵
      Program crash
      PID:2812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
    3⤵
    PID:540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
      4⤵
      PID:3572
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 228
      4⤵
      Program crash
      PID:5208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61365.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
    3⤵
    PID:5192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60994.exe
    3⤵
    PID:6816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
    3⤵
    PID:7748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48039.exe
    3⤵
    PID:8488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64001.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64001.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1632
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 224
      4⤵
      Program crash
      PID:1672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28754.exe
    3⤵
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-888.exe
      4⤵
      PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
        5⤵
        
        PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
      4⤵
      PID:5008
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 244
      4⤵
      PID:6116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3118.exe
    3⤵
    PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
      4⤵
      PID:8816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21609.exe
    3⤵
    PID:5016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40415.exe
    3⤵
    PID:6180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
    3⤵
    PID:6936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25585.exe
    3⤵
    PID:7956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
    3⤵
    PID:8628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19576.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19576.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48812.exe
    3⤵
    PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62704.exe
      4⤵
      PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        5⤵
        
        PID:7072
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 228
        5⤵
        
        PID:7656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46996.exe
      4⤵
      PID:4908
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 244
      4⤵
      PID:5888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64567.exe
    3⤵
    PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30752.exe
      4⤵
      PID:7436
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 248
      4⤵
      PID:8280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44011.exe
    3⤵
    PID:5084
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 228
    3⤵
    PID:5860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
  2⤵
  PID:1284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14090.exe
    3⤵
    PID:4800
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 216
    3⤵
    PID:1984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23538.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23538.exe
  2⤵
  PID:5164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
  2⤵
  PID:6772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57003.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57003.exe
  2⤵
  PID:7768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16368.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16368.exe
  2⤵
  PID:8548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-39875.exe

Filesize
468KB

MD5
0388ce0923ff65c0dcb1845775e75a23

SHA1
c7f66d7817eac0b383ed3d2ee1aadcbb9b5f5eb0

SHA256
fe22720230990c8096e5a29309b0e1fef6dbd37b8fa812d300d908082ecc9987

SHA512
9ea2cc6c0d3cc26c45d744d7c83c2179fb86f0efe418e6da15386fa2074f9bddf68c0c7897c8fb1e95148023a3e5e040c59eafb0989792b9b16f6debbbe9a5bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5543.exe

Filesize
468KB

MD5
564419a85bc856c10b15e68ce57e9267

SHA1
9edce826ce2a7fb36eddd4b12a49ed3f93050a89

SHA256
551c9d7a04b5978d2b81e4458c7f52050da898e7331c8d76ef6368dd62b7b1cc

SHA512
506d425be4d16e9ee7d661fa1067c8d599dbb37d3f84ee7884a09b172e1b49c48cde5b0194cd23347c45b86d524b795cc3f8ade5a5b02fc85ad8c7a87c20aa1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60855.exe

Filesize
468KB

MD5
c98a56f923185ecdd35b0d29e3d77d3a

SHA1
f0d533d5013d7ad1e4d456345d24db9b550e6750

SHA256
1d76d7cc821ef7df2f762df3b07a6b0c3a007625d94338747043083c487063d2

SHA512
3367af79cf0899307e3555ed52789d0042cfc795c884292e430acbe8a018bcca53feee90d892bf5d7dc0c8e618f7e33a7386558eb828e1a2d470bdacf7af0567

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11795.exe

Filesize
468KB

MD5
09439f765d431757ab384aa492a3c309

SHA1
cc55274594964d8c03d260055ec6a7fdc21c8a69

SHA256
83bb26bb1ce1e573b36d56b19e7acf9ad5e21c18b050040df8837e57e2812d76

SHA512
ca3ceca73eb7995486cb51f6e07234deb000113b69cffad8d6a23af9625a2e120c47f7d37595fcfe5b89e0142c0acbbb435408f043d823ba89284e2a5bdbeff1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13082.exe

Filesize
468KB

MD5
2ba780ec807a8c4c7554ae1e16e2a944

SHA1
b3945590891dfde5d3342b44238abf78a5768089

SHA256
d2084061714d241bff2e827bd1ff96249911b18e29dfc0739ecdfe1427747456

SHA512
231ceb09a9191a47211f8dcbba10a7b2c4ae7d358ce18749f14bdcfa7826fd3c0c6a63d336fdf540ca71d0aff8ba4b6f8fb146ad682c114809be5a12d2e4aa42

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24967.exe

Filesize
468KB

MD5
a1b0f45130fe339f4680415450c882f7

SHA1
c5ef15a9a7969f010d427aaa8ecc4a725eac910a

SHA256
9b6e8604a67eab63b55ff468e12b960ceb1b225d2de9dd224da12218f06043f4

SHA512
99ff702e2ff1db7928d6acf7d46b9b9eee57cc732f552af81163f653e120145e5da5df95bc54c6d36d6b2bac1afb615087a6b888c42813ac1e8c0b6019aa18d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe

Filesize
468KB

MD5
97b6cbb9fc3c19e2dff95ddc903dbe9a

SHA1
e6afa1eb724af376b597cf8944b1e429c616ff8f

SHA256
69ff818ebbbb5ae353e4c5e5ee9e06c705174dcdfdac2ccdeb1cd642b2c62b95

SHA512
4fe2feb116dc4dadfed5f651527cafb1977ce0d1289b2fa0ae054ec8d90a0ecb477a2f66ee78c14075d169aa1e483d52813554cf7c00ee93f25ff6d1812dbce0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe

Filesize
468KB

MD5
7d9d806c104c66aff00a844dd8482054

SHA1
90c7ffd88e979c5e13999062b48f38e3a31f673d

SHA256
0d30a1c8a8933d05be3349b7373eb85745f6f8a7490e47f85d79a41ae0d43b87

SHA512
f22f0a89f85126f070d7d0b831d14caed36c861c147dc84001343e4f2fbadb16f448544d5c37022001f704e97a431a7e4a255e4ec4cf77c39fccc0c9bde5d669

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28096.exe

Filesize
468KB

MD5
78a206880a710d72e469ed2350d08c10

SHA1
e8bf6af595f777428d9c8dfde6881b0df9a23503

SHA256
80796700af0a4e4480d691e513d47281c62a05d79e538fc59a3f2d9944043f87

SHA512
deb85db6f84a33af12cc8b59a8742bc749eb55fcfd7cf28ca18b70b5efba1604b8db17e320c0ff8566a848c337d8eca73d49d56c84cbdf2bceec1f9a59437581

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28842.exe

Filesize
468KB

MD5
0fce18ce67b1bfc230b86cc1d4dee383

SHA1
e5d50851a253659aa0b4b7378e5ae6b416373e1a

SHA256
5cc1106d4d3f220dc22c20afdbc8ef179e7bb4bea81aafb239ed1765860ddb0c

SHA512
6e98896602b1995e6ffc7f644e5268f084ca1f87ab96ff0b0900aa4584e2a3b82099a2ab9410edd84c94a78d884fcb1e32ea517f5718d32c4f905927b2e22a1b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3072.exe

Filesize
468KB

MD5
3eedd18ccf7dcf3fb81d2c6216f98a95

SHA1
5ac928a1ae2ed5ffd181204c4dfd5dd868e27c9a

SHA256
722ab4041fbf86572a9b9ed6309c02a2a0e7d687f4b189ad1d4aaf5410d32a8c

SHA512
4b4dad47e0723d55708624e3352af70cac07869df9fbba9cc343b9d5d86ffed11175a2adc720c4a8fc90e9ad76cc89b92e61aab7e2a6f0be04b6d7a35c6ea896

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe

Filesize
468KB

MD5
7e53d1614482f449fec2285cf2dff201

SHA1
d9a6715d840bed41223b8cf0098a87c7fd4e5012

SHA256
94a53f1c1c506d17d2e254ec3e8ac177b508bb19b5f0c46ccf5b85f15ff57a82

SHA512
b8011b7ffc92fd75e4a53d24c49e6494a5ef8c437758253331065c4e699a0973f3daed534d54962486103f8a38bfb09c20010ff3711658e5f91a7abd791f287c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe

Filesize
468KB

MD5
6b870f99e468491c56934f85ad4f1f8d

SHA1
5e1113eba3f399fc01c6326948bf3e4dd87c0d88

SHA256
252b9f03a8fd76e81bc62e4852c0a7520459d06dae73f0a263fc044b56a1ea38

SHA512
19718d0975447db4cbd67f00a979c1e2a5db0157f1ff4fbba1c9cd66cf136c872b9fc29b329120e392dc9fb0ccc2d54e769ebbd4f76bf23a58cdad92fdf5aa8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe

Filesize
468KB

MD5
b71e6c21e75d23bfff1acdf70847daa2

SHA1
d37b125d8e125344c8df669f1bde999390580bf8

SHA256
54ab1f8984822cb40ebd8019c1a0aad350cca26a8290236f8f39cd1f6619df05

SHA512
052fce08cbfde4ba0721adb9507a606067aa878ae327250a46d5752eb21492391001df4c16be7afb80ac6b1b0d399ce5315ecb4cf136ab58c0354cf7c3443f6a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44624.exe

Filesize
468KB

MD5
7f3c6c469d0b4dd5672ddb5e50f94a62

SHA1
741ef7c7a5a1e421cd5f6ec2fa15cfbc56d6825f

SHA256
cf19c874a502242ebc49ea6961e229109b663003eddc04be6a971379f5a2662e

SHA512
0c91595d1a990e349ded5da20175b4cae166e8798dd92c000f0317b7bdd6eca589b26711591b09fb71188c568fd6094988b77367a204b7fe3d876703c784ee2f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe

Filesize
468KB

MD5
59eef041a77fa2a3f0079cc3fea476d9

SHA1
81fdb6a55cbb2b52e3d53a3131a78695544fb802

SHA256
a8d28c777a25f517438f5695e9cc1ae81a47e8b9ccb494d87e506707a4705b3e

SHA512
b987269ba323e8b6fdf99f3ff8ea524bd41887b7290c96626ef00ea046f669d2f58f120a43cc8b44c1c6b2fa9b29e2fa1cd436e72233d8d56f48f63b4a1d35a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54670.exe

Filesize
468KB

MD5
5db4d3124fdf1e8e6fe466a362c07ed5

SHA1
567e48f040b6c0edf845e02a70f45996f727707c

SHA256
3c1a9e2b3e3fb484f763d1c3d32207615dbe9fb6c5019e2e58708e4840873c1f

SHA512
57d3f23efe8de57b13b144fd78b5156902e2cf4116794b6c44c5f2663004a0acd4c36a982ca74100653c9f7ebdec525e4d37285e886b387a806989a2ffc0d0b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe

Filesize
468KB

MD5
837726abfe4c8d635aa2df7f3b9a674a

SHA1
5ab02665d2a927992d3e1575d271a9a2c0e4747e

SHA256
de96ff53e21ac746941c12f1a52f6de552cf6597be5bbbb654b89610bdfab8ba

SHA512
d3093ddacbbf1e507e4dbe942343373168264153d53e5b7d0c4814dc1451e60fb981e18324f45595178f72850bd98a834ea490e6b8ecf205e16f9d0de15100fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5629.exe

Filesize
468KB

MD5
b6b401b21d51817aa33d48f6fc99ed0d

SHA1
78d94b3c63f1329ccda68cb93a4aa788ca0ebcfb

SHA256
304c8717246c5859acd559bb69ac8cf188dd3fa4a21bfe8f99b34e4bd8337480

SHA512
7ee1046465dd2d4e2520b0de77cb62a43d091a853e93c0bfa82ba22260bd1922cd5e73b0419973f9540d3a7107602a066e7aa34eccaf7bebda8b73caa01964ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe

Filesize
468KB

MD5
d5ee239901724adcb6be787b287d6338

SHA1
841fe54617e7514669aa56d48816f03c766bf3f4

SHA256
cac8a687d6bdf74e9ee027d6b1f2bab82f208b387990460c0f0e61298b363f1e

SHA512
81b799e4cf51ea858c1886fd99fd80ecf5f06043ba4faeae83595901d67a469528e918f600e64bcb1e8e2e0c4f4c33c993dd8e882acf991d7856de314aa5b52d

Download Submit