52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 21:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe
Size

468KB
MD5

d598be7a32c4cdd89c6829bfb5191222
SHA1

3217ad9bab01bca7d8a11283fb84ee683c76541b
SHA256

52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58
SHA512

3fcf64e1f4bf2c9059bb7b6b008ff6d845dc829c635dd4898b324e1e9924ae84d1fc580fb6d816eec9a234b6e326f254daf49b7870dc76b3369c547dac435cf0
SSDEEP

3072:1G3HogIKIE5TtbY2HzxOcf8/zChaP0pkJVHeTVPGKI5LR7gg+1lU:1G3oDMTtxHVOcfuY1YKIVVgg+

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2888	Unicorn-11297.exe
2232	Unicorn-37722.exe
1804	Unicorn-45568.exe
2824	Unicorn-33721.exe
2596	Unicorn-47919.exe
2112	Unicorn-9579.exe
2880	Unicorn-2894.exe
2656	Unicorn-50716.exe
2760	Unicorn-57301.exe
2572	Unicorn-34188.exe
2192	Unicorn-1415.exe
2304	Unicorn-26020.exe
1740	Unicorn-25563.exe
3032	Unicorn-5962.exe
1956	Unicorn-64722.exe
976	Unicorn-44349.exe
604	Unicorn-55786.exe
1320	Unicorn-61261.exe
2220	Unicorn-39257.exe
2472	Unicorn-24313.exe
2136	Unicorn-50193.exe
2948	Unicorn-16721.exe
916	Unicorn-24980.exe
2316	Unicorn-57753.exe
1964	Unicorn-27027.exe
1508	Unicorn-2885.exe
2356	Unicorn-61380.exe
2120	Unicorn-14390.exe
316	Unicorn-24697.exe
1760	Unicorn-4831.exe
1972	Unicorn-33532.exe
1680	Unicorn-27795.exe
3064	Unicorn-13959.exe
2176	Unicorn-31687.exe
2436	Unicorn-43839.exe
1372	Unicorn-31194.exe
1980	Unicorn-60529.exe
2392	Unicorn-14665.exe
2844	Unicorn-43922.exe
2704	Unicorn-55982.exe
2756	Unicorn-62112.exe
2724	Unicorn-19134.exe
2588	Unicorn-64058.exe
2836	Unicorn-38592.exe
2620	Unicorn-20264.exe
3024	Unicorn-19710.exe
2452	Unicorn-21390.exe
1216	Unicorn-38376.exe
2916	Unicorn-38111.exe
2000	Unicorn-18510.exe
2248	Unicorn-5511.exe
1788	Unicorn-27969.exe
1712	Unicorn-48490.exe
2548	Unicorn-59372.exe
2260	Unicorn-35422.exe
1136	Unicorn-42082.exe
568	Unicorn-51012.exe
1696	Unicorn-57296.exe
1768	Unicorn-28345.exe
1732	Unicorn-15800.exe
2320	Unicorn-12200.exe
748	Unicorn-47011.exe
876	Unicorn-51479.exe
1572	Unicorn-31613.exe

Loads dropped DLL 64 IoCs

pid	Process
1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe
1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe
2888	Unicorn-11297.exe
2888	Unicorn-11297.exe
1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe
1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe
2232	Unicorn-37722.exe
2232	Unicorn-37722.exe
1804	Unicorn-45568.exe
1804	Unicorn-45568.exe
1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe
1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe
2888	Unicorn-11297.exe
2888	Unicorn-11297.exe
2824	Unicorn-33721.exe
2824	Unicorn-33721.exe
2232	Unicorn-37722.exe
2232	Unicorn-37722.exe
2112	Unicorn-9579.exe
2112	Unicorn-9579.exe
2888	Unicorn-11297.exe
2888	Unicorn-11297.exe
2596	Unicorn-47919.exe
2596	Unicorn-47919.exe
1804	Unicorn-45568.exe
1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe
1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe
1804	Unicorn-45568.exe
2880	Unicorn-2894.exe
2880	Unicorn-2894.exe
2656	Unicorn-50716.exe
2656	Unicorn-50716.exe
2824	Unicorn-33721.exe
2824	Unicorn-33721.exe
1740	Unicorn-25563.exe
1740	Unicorn-25563.exe
2596	Unicorn-47919.exe
2596	Unicorn-47919.exe
2304	Unicorn-26020.exe
2304	Unicorn-26020.exe
1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe
1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe
2760	Unicorn-57301.exe
2760	Unicorn-57301.exe
2232	Unicorn-37722.exe
2232	Unicorn-37722.exe
2192	Unicorn-1415.exe
1956	Unicorn-64722.exe
2192	Unicorn-1415.exe
1956	Unicorn-64722.exe
2880	Unicorn-2894.exe
2880	Unicorn-2894.exe
2888	Unicorn-11297.exe
2888	Unicorn-11297.exe
2572	Unicorn-34188.exe
2572	Unicorn-34188.exe
3032	Unicorn-5962.exe
2112	Unicorn-9579.exe
3032	Unicorn-5962.exe
2112	Unicorn-9579.exe
1804	Unicorn-45568.exe
1804	Unicorn-45568.exe
976	Unicorn-44349.exe
976	Unicorn-44349.exe

Program crash 59 IoCs

pid	pid_target	Process	procid_target
2664	2120	WerFault.exe	56
2480	2572	WerFault.exe	38
2900	1972	WerFault.exe	59
892	2176	WerFault.exe	62
2228	2192	WerFault.exe	39
2256	2436	WerFault.exe	63
2064	2392	WerFault.exe	66
1772	2760	WerFault.exe	37
1544	1980	WerFault.exe	65
2936	2000	WerFault.exe	81
2904	2836	WerFault.exe	72
2640	2224	WerFault.exe	98
1220	2596	WerFault.exe	33
2252	976	WerFault.exe	44
1708	2656	WerFault.exe	36
2804	2540	WerFault.exe	97
2644	2588	WerFault.exe	71
1492	2844	WerFault.exe	67
2068	1508	WerFault.exe	54
2448	916	WerFault.exe	51
2632	2136	WerFault.exe	49
1644	3064	WerFault.exe	61
920	1572	WerFault.exe	94
2308	2756	WerFault.exe	68
3396	2704	WerFault.exe	69
3492	2948	WerFault.exe	50
3960	2620	WerFault.exe	73
3580	2896	WerFault.exe	103
3888	2548	WerFault.exe	85
1236	2220	WerFault.exe	47
1460	1964	WerFault.exe	53
1984	1372	WerFault.exe	64
3456	2232	WerFault.exe	30
3472	1788	WerFault.exe	83
4544	1768	WerFault.exe	90
4788	1840	WerFault.exe	147
4776	316	WerFault.exe	57
4880	3032	WerFault.exe	41
4512	1696	WerFault.exe	89
4688	1560	WerFault.exe	112
4384	1704	WerFault.exe	102
5172	3076	WerFault.exe	178
5920	2636	WerFault.exe	128
5272	3024	WerFault.exe	74
5484	1136	WerFault.exe	87
6404	2472	WerFault.exe	48
6496	2916	WerFault.exe	80
6576	748	WerFault.exe	93
6560	2356	WerFault.exe	55
6544	1728	WerFault.exe	119
6528	1956	WerFault.exe	43
6596	1376	WerFault.exe	150
6588	1760	WerFault.exe	58
6656	2880	WerFault.exe	34
6608	1740	WerFault.exe	42
7048	2148	WerFault.exe	106
7044	3028	WerFault.exe	129
4068	2304	WerFault.exe	40
4404	876	WerFault.exe	95

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57296.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44178.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38541.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46818.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe
2888	Unicorn-11297.exe
2232	Unicorn-37722.exe
1804	Unicorn-45568.exe
2824	Unicorn-33721.exe
2880	Unicorn-2894.exe
2596	Unicorn-47919.exe
2112	Unicorn-9579.exe
2656	Unicorn-50716.exe
2192	Unicorn-1415.exe
2760	Unicorn-57301.exe
2572	Unicorn-34188.exe
1740	Unicorn-25563.exe
3032	Unicorn-5962.exe
2304	Unicorn-26020.exe
1956	Unicorn-64722.exe
976	Unicorn-44349.exe
604	Unicorn-55786.exe
1320	Unicorn-61261.exe
2220	Unicorn-39257.exe
2472	Unicorn-24313.exe
2948	Unicorn-16721.exe
916	Unicorn-24980.exe
2136	Unicorn-50193.exe
1964	Unicorn-27027.exe
2316	Unicorn-57753.exe
1760	Unicorn-4831.exe
1508	Unicorn-2885.exe
2120	Unicorn-14390.exe
316	Unicorn-24697.exe
2356	Unicorn-61380.exe
1972	Unicorn-33532.exe
1680	Unicorn-27795.exe
3064	Unicorn-13959.exe
2176	Unicorn-31687.exe
2436	Unicorn-43839.exe
1980	Unicorn-60529.exe
1372	Unicorn-31194.exe
2392	Unicorn-14665.exe
2844	Unicorn-43922.exe
2756	Unicorn-62112.exe
2620	Unicorn-20264.exe
2704	Unicorn-55982.exe
2588	Unicorn-64058.exe
2836	Unicorn-38592.exe
2724	Unicorn-19134.exe
3024	Unicorn-19710.exe
1216	Unicorn-38376.exe
2248	Unicorn-5511.exe
2916	Unicorn-38111.exe
2452	Unicorn-21390.exe
1788	Unicorn-27969.exe
2000	Unicorn-18510.exe
2548	Unicorn-59372.exe
1712	Unicorn-48490.exe
2260	Unicorn-35422.exe
1136	Unicorn-42082.exe
568	Unicorn-51012.exe
1696	Unicorn-57296.exe
1768	Unicorn-28345.exe
1732	Unicorn-15800.exe
748	Unicorn-47011.exe
1572	Unicorn-31613.exe
876	Unicorn-51479.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 2888	1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe	29
PID 1088 wrote to memory of 2888	1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe	29
PID 1088 wrote to memory of 2888	1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe	29
PID 1088 wrote to memory of 2888	1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe	29
PID 2888 wrote to memory of 2232	2888	Unicorn-11297.exe	30
PID 2888 wrote to memory of 2232	2888	Unicorn-11297.exe	30
PID 2888 wrote to memory of 2232	2888	Unicorn-11297.exe	30
PID 2888 wrote to memory of 2232	2888	Unicorn-11297.exe	30
PID 1088 wrote to memory of 1804	1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe	31
PID 1088 wrote to memory of 1804	1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe	31
PID 1088 wrote to memory of 1804	1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe	31
PID 1088 wrote to memory of 1804	1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe	31
PID 2232 wrote to memory of 2824	2232	Unicorn-37722.exe	32
PID 2232 wrote to memory of 2824	2232	Unicorn-37722.exe	32
PID 2232 wrote to memory of 2824	2232	Unicorn-37722.exe	32
PID 2232 wrote to memory of 2824	2232	Unicorn-37722.exe	32
PID 1804 wrote to memory of 2596	1804	Unicorn-45568.exe	33
PID 1804 wrote to memory of 2596	1804	Unicorn-45568.exe	33
PID 1804 wrote to memory of 2596	1804	Unicorn-45568.exe	33
PID 1804 wrote to memory of 2596	1804	Unicorn-45568.exe	33
PID 1088 wrote to memory of 2880	1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe	34
PID 1088 wrote to memory of 2880	1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe	34
PID 1088 wrote to memory of 2880	1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe	34
PID 1088 wrote to memory of 2880	1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe	34
PID 2888 wrote to memory of 2112	2888	Unicorn-11297.exe	35
PID 2888 wrote to memory of 2112	2888	Unicorn-11297.exe	35
PID 2888 wrote to memory of 2112	2888	Unicorn-11297.exe	35
PID 2888 wrote to memory of 2112	2888	Unicorn-11297.exe	35
PID 2824 wrote to memory of 2656	2824	Unicorn-33721.exe	36
PID 2824 wrote to memory of 2656	2824	Unicorn-33721.exe	36
PID 2824 wrote to memory of 2656	2824	Unicorn-33721.exe	36
PID 2824 wrote to memory of 2656	2824	Unicorn-33721.exe	36
PID 2232 wrote to memory of 2760	2232	Unicorn-37722.exe	37
PID 2232 wrote to memory of 2760	2232	Unicorn-37722.exe	37
PID 2232 wrote to memory of 2760	2232	Unicorn-37722.exe	37
PID 2232 wrote to memory of 2760	2232	Unicorn-37722.exe	37
PID 2112 wrote to memory of 2572	2112	Unicorn-9579.exe	38
PID 2112 wrote to memory of 2572	2112	Unicorn-9579.exe	38
PID 2112 wrote to memory of 2572	2112	Unicorn-9579.exe	38
PID 2112 wrote to memory of 2572	2112	Unicorn-9579.exe	38
PID 2888 wrote to memory of 2192	2888	Unicorn-11297.exe	39
PID 2888 wrote to memory of 2192	2888	Unicorn-11297.exe	39
PID 2888 wrote to memory of 2192	2888	Unicorn-11297.exe	39
PID 2888 wrote to memory of 2192	2888	Unicorn-11297.exe	39
PID 2596 wrote to memory of 2304	2596	Unicorn-47919.exe	40
PID 2596 wrote to memory of 2304	2596	Unicorn-47919.exe	40
PID 2596 wrote to memory of 2304	2596	Unicorn-47919.exe	40
PID 2596 wrote to memory of 2304	2596	Unicorn-47919.exe	40
PID 1088 wrote to memory of 1740	1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe	42
PID 1088 wrote to memory of 1740	1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe	42
PID 1088 wrote to memory of 1740	1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe	42
PID 1088 wrote to memory of 1740	1088	52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe	42
PID 1804 wrote to memory of 3032	1804	Unicorn-45568.exe	41
PID 1804 wrote to memory of 3032	1804	Unicorn-45568.exe	41
PID 1804 wrote to memory of 3032	1804	Unicorn-45568.exe	41
PID 1804 wrote to memory of 3032	1804	Unicorn-45568.exe	41
PID 2880 wrote to memory of 1956	2880	Unicorn-2894.exe	43
PID 2880 wrote to memory of 1956	2880	Unicorn-2894.exe	43
PID 2880 wrote to memory of 1956	2880	Unicorn-2894.exe	43
PID 2880 wrote to memory of 1956	2880	Unicorn-2894.exe	43
PID 2656 wrote to memory of 976	2656	Unicorn-50716.exe	44
PID 2656 wrote to memory of 976	2656	Unicorn-50716.exe	44
PID 2656 wrote to memory of 976	2656	Unicorn-50716.exe	44
PID 2656 wrote to memory of 976	2656	Unicorn-50716.exe	44

C:\Users\Admin\AppData\Local\Temp\52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe
"C:\Users\Admin\AppData\Local\Temp\52e178c99f7f87c0ae8287a8b7481ec448eb0b023dd017f3be4f427c1c6c7f58.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11297.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11297.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33721.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47011.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
        9⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27540.exe
        9⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        9⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56295.exe
        9⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
        9⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 228
        9⤵
        Program crash
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9050.exe
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57975.exe
        8⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17147.exe
        8⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        8⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58098.exe
        8⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20405.exe
        8⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20301.exe
        8⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
        7⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53747.exe
        8⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3830.exe
        9⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
        9⤵
        Program crash
        
        PID:4688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 216
        8⤵
        Program crash
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exe
        7⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52554.exe
        8⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        8⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
        8⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 248
        7⤵
        Program crash
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
        7⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53275.exe
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
        8⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14846.exe
        8⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34002.exe
        8⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 224
        8⤵
        Program crash
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
        7⤵
        Program crash
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        6⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12045.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44473.exe
        7⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51389.exe
        7⤵
        
        PID:6888
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 248
        6⤵
        Program crash
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55786.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31687.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 224
        7⤵
        Program crash
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 224
        7⤵
        Program crash
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18998.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
        6⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
        6⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16769.exe
        6⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27003.exe
        6⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
        6⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43839.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 220
        6⤵
        Program crash
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44847.exe
        5⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43213.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        6⤵
        
        PID:5032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 224
        6⤵
        Program crash
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12284.exe
        5⤵
        
        PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50137.exe
        5⤵
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11580.exe
        5⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55440.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19303.exe
        5⤵
        
        PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57301.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
        6⤵
        Executes dropped EXE
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        7⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39548.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65147.exe
        7⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10514.exe
        7⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55513.exe
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60532.exe
        7⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9050.exe
        6⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        7⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 240
        7⤵
        Program crash
        
        PID:4788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 224
        6⤵
        Program crash
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        6⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36989.exe
        7⤵
        
        PID:6704
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
        6⤵
        Program crash
        
        PID:920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 244
        5⤵
        Program crash
        
        PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24980.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48677.exe
        6⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57645.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25291.exe
        7⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
        6⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19206.exe
        6⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26872.exe
        6⤵
        
        PID:2988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 248
        6⤵
        Program crash
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23959.exe
        5⤵
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52725.exe
        6⤵
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
        6⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        6⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
        6⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12542.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        6⤵
        
        PID:6720
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 220
        5⤵
        Program crash
        
        PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21390.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
        5⤵
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3830.exe
        6⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46725.exe
        6⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
        6⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
        6⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37645.exe
        5⤵
        
        PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28287.exe
        5⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
        5⤵
        
        PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
      4⤵
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        5⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
        5⤵
        
        PID:6548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        5⤵
        
        PID:6748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3232
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 244
      4⤵
      Program crash
      PID:3456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9579.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34188.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 244
        6⤵
        Program crash
        
        PID:2664
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
        5⤵
        Program crash
        
        PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
        6⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1090.exe
        6⤵
        
        PID:3356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 244
        6⤵
        Program crash
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
        5⤵
        
        PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61675.exe
        5⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
        5⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3129.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6567.exe
        5⤵
        
        PID:5576
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 248
        5⤵
        Program crash
        
        PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15800.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28916.exe
        5⤵
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49418.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25813.exe
        5⤵
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
        5⤵
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
        5⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29684.exe
        5⤵
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25636.exe
        5⤵
        
        PID:7468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58993.exe
      4⤵
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1322.exe
        5⤵
        
        PID:7284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15896.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
      4⤵
      PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17869.exe
      4⤵
      PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18596.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55943.exe
      4⤵
      PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55312.exe
      4⤵
      PID:7172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57753.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51479.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29928.exe
        6⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34992.exe
        7⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61167.exe
        7⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
        7⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        7⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44491.exe
        7⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33082.exe
        6⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10056.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58512.exe
        6⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4914.exe
        6⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13072.exe
        6⤵
        
        PID:6456
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 248
        6⤵
        Program crash
        
        PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
        5⤵
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42310.exe
        6⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6295.exe
        6⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        6⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29368.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11530.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
        5⤵
        
        PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5497.exe
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        5⤵
        
        PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        5⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
        5⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38007.exe
        5⤵
        
        PID:6916
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 228
      4⤵
      Program crash
      PID:2228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59372.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27738.exe
        5⤵
        
        PID:2536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 248
        5⤵
        Program crash
        
        PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
      4⤵
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
        5⤵
        
        PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        5⤵
        
        PID:7688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
      4⤵
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34780.exe
      4⤵
      PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
      4⤵
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53630.exe
      4⤵
      PID:5212
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 248
      4⤵
      Program crash
      PID:6560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42082.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
      4⤵
      PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
      4⤵
      PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
      4⤵
      PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26005.exe
      4⤵
      PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33862.exe
      4⤵
      PID:4872
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 228
      4⤵
      Program crash
      PID:5484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
    3⤵
    PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58885.exe
      4⤵
      PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53680.exe
      4⤵
      PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
      4⤵
      PID:6864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25088.exe
    3⤵
    PID:3912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42830.exe
    3⤵
    PID:3920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1310.exe
    3⤵
    PID:4340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44591.exe
    3⤵
    PID:4352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
    3⤵
    PID:6616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23924.exe
    3⤵
    PID:7100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47919.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47919.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51012.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49139.exe
        7⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        7⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58864.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37147.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55597.exe
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47167.exe
        7⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21027.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27357.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50192.exe
        6⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe
        6⤵
        
        PID:5416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
        6⤵
        Program crash
        
        PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26394.exe
        6⤵
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        6⤵
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50679.exe
        6⤵
        
        PID:3524
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
        6⤵
        Program crash
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34762.exe
        5⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17747.exe
        6⤵
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33223.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
        5⤵
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41836.exe
        5⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1720.exe
        5⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50573.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6364
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        5⤵
        Program crash
        
        PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39257.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 220
        6⤵
        Program crash
        
        PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18230.exe
        5⤵
        
        PID:740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56451.exe
        6⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58313.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20195.exe
        6⤵
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49108.exe
        6⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12517.exe
        6⤵
        
        PID:4476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 224
        6⤵
        Program crash
        
        PID:5172
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
        5⤵
        Program crash
        
        PID:1236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5807.exe
        5⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34433.exe
        6⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42164.exe
        6⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15342.exe
        6⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
        6⤵
        
        PID:6600
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
        5⤵
        Program crash
        
        PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
      4⤵
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7271.exe
        5⤵
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59627.exe
        5⤵
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47278.exe
        5⤵
        
        PID:6808
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
      4⤵
      Program crash
      PID:1220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5962.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24697.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1313.exe
        6⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
        6⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        6⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
        6⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62643.exe
        6⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
        6⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47883.exe
        6⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49372.exe
        6⤵
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27057.exe
        5⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34988.exe
        6⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32989.exe
        6⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30658.exe
        6⤵
        
        PID:6924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
        6⤵
        Program crash
        
        PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18421.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16497.exe
        5⤵
        
        PID:3368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 240
        5⤵
        Program crash
        
        PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18510.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
        5⤵
        Program crash
        
        PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
      4⤵
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exe
        5⤵
        
        PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
      4⤵
      PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7832.exe
      4⤵
      PID:4060
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 248
      4⤵
      Program crash
      PID:4880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33532.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1972
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
      4⤵
      Program crash
      PID:2900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38111.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
      4⤵
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24462.exe
        5⤵
        
        PID:7108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12470.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10632.exe
      4⤵
      PID:1948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exe
      4⤵
      PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36564.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5152
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 244
      4⤵
      Program crash
      PID:6496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62113.exe
    3⤵
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8309.exe
      4⤵
      PID:6740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50455.exe
      4⤵
      PID:6804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8816.exe
    3⤵
    PID:3312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
    3⤵
    PID:4088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
    3⤵
    PID:4808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33401.exe
    3⤵
    PID:4924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
    3⤵
    PID:6676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
    3⤵
    PID:4412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2894.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2894.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27027.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64058.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42071.exe
        6⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10504.exe
        7⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
        7⤵
        
        PID:6756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 216
        6⤵
        Program crash
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38541.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7266.exe
        6⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54456.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        5⤵
        
        PID:3084
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
        5⤵
        Program crash
        
        PID:1460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20264.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40893.exe
        5⤵
        
        PID:1616
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 248
        5⤵
        Program crash
        
        PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
      4⤵
      PID:744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52147.exe
        5⤵
        
        PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52683.exe
      4⤵
      PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12025.exe
      4⤵
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
      4⤵
      PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50298.exe
      4⤵
      PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
      4⤵
      PID:5936
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 244
      4⤵
      Program crash
      PID:6528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2885.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62112.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44017.exe
        5⤵
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        6⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10701.exe
        6⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
        6⤵
        
        PID:6992
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 216
        5⤵
        Program crash
        
        PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24151.exe
      4⤵
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12382.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53280.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20139.exe
        5⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59056.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44932.exe
        5⤵
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
        5⤵
        
        PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7200
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
      4⤵
      Program crash
      PID:2068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16005.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3056
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 248
      4⤵
      Program crash
      PID:3396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8941.exe
    3⤵
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34293.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48509.exe
      4⤵
      PID:6604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
    3⤵
    PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
    3⤵
    PID:3464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
    3⤵
    PID:4600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28767.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3474.exe
    3⤵
    PID:6016
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
    3⤵
    - Program crash
    PID:6656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61261.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31194.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48490.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39497.exe
        6⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        6⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52407.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41246.exe
        6⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61932.exe
        6⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43720.exe
        6⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53176.exe
        6⤵
        
        PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53508.exe
        5⤵
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62538.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
        6⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40446.exe
        6⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53488.exe
        6⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9584.exe
        6⤵
        
        PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41978.exe
        6⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
        6⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61385.exe
        6⤵
        
        PID:6908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55473.exe
        6⤵
        
        PID:7104
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 236
        5⤵
        Program crash
        
        PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35422.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12299.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41821.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39216.exe
        5⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2865.exe
        5⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
        5⤵
        
        PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64873.exe
        5⤵
        
        PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
      4⤵
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16369.exe
        5⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
        5⤵
        
        PID:7092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36539.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44589.exe
      4⤵
      PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19880.exe
      4⤵
      PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60267.exe
      4⤵
      PID:1392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
      4⤵
      PID:5192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
      4⤵
      PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54459.exe
      4⤵
      PID:6848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60529.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
        5⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
        6⤵
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45854.exe
        6⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17565.exe
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38392.exe
        6⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58585.exe
        6⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30272.exe
        6⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
        5⤵
        
        PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32580.exe
        5⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65241.exe
        5⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        5⤵
        
        PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31645.exe
        5⤵
        
        PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
      4⤵
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        5⤵
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33208.exe
        6⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60099.exe
        6⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52568.exe
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38475.exe
        6⤵
        
        PID:5992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 224
        6⤵
        Program crash
        
        PID:6596
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
        5⤵
        Program crash
        
        PID:3580
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 244
      4⤵
      Program crash
      PID:1544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
      4⤵
      PID:2636
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 212
        5⤵
        Program crash
        
        PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4686.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3384
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 244
      4⤵
      Program crash
      PID:3472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52880.exe
    3⤵
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24220.exe
      4⤵
      PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
      4⤵
      PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25069.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
      4⤵
      PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15614.exe
      4⤵
      PID:6932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15621.exe
    3⤵
    PID:3404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56834.exe
    3⤵
    PID:3120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
    3⤵
    PID:4840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38736.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38736.exe
    3⤵
    PID:4984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5136
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
    3⤵
    - Program crash
    PID:6608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50193.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50193.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19134.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19134.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21215.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30700.exe
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
      4⤵
      PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14411.exe
      4⤵
      PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23037.exe
      4⤵
      PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62195.exe
      4⤵
      PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32756.exe
      4⤵
      PID:6728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30373.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30373.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17888.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
      4⤵
      PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
      4⤵
      PID:5228
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 244
      4⤵
      Program crash
      PID:6544
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
    3⤵
    - Program crash
    PID:2632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38592.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38592.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2836
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 224
    3⤵
    - Program crash
    PID:2904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
  2⤵
  PID:1116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26358.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26358.exe
    3⤵
    PID:4132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
    3⤵
    PID:4732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19039.exe
    3⤵
    PID:5356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56669.exe
    3⤵
    PID:6564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44478.exe
    3⤵
    PID:6412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
  2⤵
  PID:2504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51226.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51226.exe
  2⤵
  PID:3364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48898.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48898.exe
  2⤵
  PID:4632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65433.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65433.exe
  2⤵
  PID:2296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27274.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27274.exe
  2⤵
  PID:5980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
  2⤵
  PID:6640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24163.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24163.exe
  2⤵
  PID:7184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe

Filesize
468KB

MD5
14cfc171fa5bd505fa2c0ab5518592fa

SHA1
f00c4a2007bf4c70161073c1a0cc099bc45072d4

SHA256
15e713c410d65e220093cac479d8c27e53933cb24069145560f673cf1078315f

SHA512
8501e93c569fecdd512d68bb2c7132e39e5c899424520047036c451066d92372800b85429e09b364514ff65f2fbb275e5d6e1384cb2460a701e6253ca9cb71da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe

Filesize
468KB

MD5
e409c63d06da7a444fc858763af256fc

SHA1
eb0271137eb9c5bcc54fbda952aacf4bab6b7510

SHA256
42136d10d96ef5bb07a73595e216ec9fd1ae2f6295d4f92edf938100bc1860bc

SHA512
e3e7f3c993bba592d16c0f5d1ba650b36f861899cf3040a214bbab165e05df2278f683873318df75978b69919845a57767784b47c16ca295e281a5257051c481

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe

Filesize
468KB

MD5
bce60c3f4a96a4f8238d9b59c7e3900c

SHA1
2a00568497afb045a527eb305f9b29fb68cfc68c

SHA256
5749417027cc7f6c1be194baff230a65b576ef9a54591ba3915441358e565849

SHA512
59bd431df60dec9f54e242112f12a520929f27feb0570179f224f3e1d6a04aa91faf7c170f29a04b7df31050a46b38a55ec610396b716f85aeaf58197a468277

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2894.exe

Filesize
468KB

MD5
b612b894cf457b9ce59c4d849ab0a218

SHA1
cde30d183b2ffef1d438d4dd95c72a7ca03d57cc

SHA256
db73793f3b8de1aa36b9de3c6a38b201f5a892d5abb59eea049a6014500cfe49

SHA512
cbafe2fe37af33826b2056f898b94494ce8a2da32f285b55455930d5ea2dbb7553f683fa83e904f0b10a4583fda7863d30cc81edbbc9c1816cc114b40c7cf50d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3129.exe

Filesize
468KB

MD5
8bc213465337d6ffab80fef3d4bf1bd1

SHA1
6184f41be9befa9f8f501f576a95f0ccd283d8f1

SHA256
7e34f12a8a24d9ed4ec233d397f38292aab0c1f8ad787a90ce527c7a4979d60a

SHA512
edad628fa99365b4829dcb4265bd518eac9fae2a6a079a054658c9a65ceb4e399e5fa1ceb3d69b1c575292b74814b0d3178a46ed7c44c0c53dc2f5bacf30eadd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe

Filesize
468KB

MD5
3ef45a30b46024a531faa58046a4ef7f

SHA1
3a47b71a081e9a602932d145fa87459f9425f814

SHA256
44965803e4871cf1580a0e318c2a28c36a3d944b0c01b85fc57a5bf9489e980b

SHA512
41878282c8c929f94bfb3c82f2472b5074db2f41b0d4ad7035da571e2e58365dfd0b252ccc19873ebc80dbda2bb294d33cd3cb57a68a9fe10302cf007b8dc118

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48677.exe

Filesize
468KB

MD5
df90f811a00d455766535cb01a7fde97

SHA1
d603217e413df4571919813a7ac82f369f9f4f5b

SHA256
a8be582413238b0501e4751d77f3b3cbce1428e5111da38600128b1b69d824a0

SHA512
4e869cfc089b43f105188965817f6a8a626f3a72374ed2e4f1d442a62547a37fb20e6e7e4d66b77e63a25ee6b188c4c27202cf56d4446dfaf4d8ba1a15dde07a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe

Filesize
468KB

MD5
af7b8fea9bd82dcf78da5efbcc309a1b

SHA1
87a8b8709caad683d0808d70e569883f86db2b1d

SHA256
d0b4228bc10ea18d25cc5fc0723eba4c365e9c1546bb9d7bdb3cf4374764bb31

SHA512
9f3b5c9001252f7a7d36b2572a8de0970b8f1696a16e1317a16280418c269a1b584c3ff3f989f45282e23c3ff9330af486b309e217c0c47216e03986afd89b5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56451.exe

Filesize
468KB

MD5
fc7ad3a7e3907436f5cfcf73f60dc070

SHA1
9b939ddc54a5af6f79f4604ee6e747c32e945d09

SHA256
0d93982a5e97a6710dffca69c2b60c4ff619ae4435c496129d546f2892408b19

SHA512
3f8dfd8a223855e0b1f6eadc65f01f76d52fce348818fab8bd8813d8a00f020fc0fe1bce52e9bc096a0a023f545323605692feea4eef58d76668e98f8097d939

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5807.exe

Filesize
468KB

MD5
70d83ba41d9ab5ae11ecf6cfa7545ce2

SHA1
69b41e85efccc66e16043385a3b208d0001d84c2

SHA256
ca80182cea34783fe543c85cb47a7bb866bfba66be67c1247be1b30c90390033

SHA512
c1b8030e79b1b787ea69328034b86febeafaa3c8e9c9fa12e299de77c120628dac771e1aacdf47aa387ac0c1d537831a2875fec2cffa393721f885e582b16f05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5962.exe

Filesize
468KB

MD5
18bfd75a940a160c95d9f3871220877a

SHA1
fee6fa1b524a6bdb62f2f7b3d7b835da6b8de2c9

SHA256
0a5bfb062d32344a9855c00e8508a94b1158ab3483af9c30a14f5dd8ab97caef

SHA512
1fae51dc0e8c369b6aee283ed7d6708d9a529cec859a931642bec4f458cb0192216ae132e15eaa30ffe6121e2249d285376c13068fcdbaffd7491b24be9eee46

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11297.exe

Filesize
468KB

MD5
82623f5bad426fdd471d9181aab2af48

SHA1
a24544aa74b92d87385625ffe7b6c3cb6357bb34

SHA256
29b81754684578a968ba37dcdfe69948b5c8c6db684c24cdb65eaeb4b98c8706

SHA512
8866e0ee1709d1c499d425d4aa50a62b754d7a7cf7794eb3f80ba1cb3613b79633312a84f352a3788bbff411aea78424bcd51b50cd649a5bc0fdd8e2879f9dd4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe

Filesize
468KB

MD5
564de0203ea18c36fb1d877eb93cda58

SHA1
258d09ac9c9e9df2fa6aaeec473f628f5577de6a

SHA256
674b83bcba48074a6b4b1f8213e2d87dfbf04db122b576b114376b73989193fa

SHA512
b0801dc88164eada6616d2e51a8ba5e4d25b314476054fa4cdbe56c22e4b2db2c8a1746fb2701234cba2ee763487e314b544ddd558c498aca458ea7d33800562

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe

Filesize
468KB

MD5
49270ad684a269cefc200ecd927af335

SHA1
84eb489c43863594af4ddc6189cd8155a559092a

SHA256
4b1934367c98a03c9e65b4552072f77c7c8c6c570fcbffe1db4bcdb01e955941

SHA512
fead9390b53439ce09c4cd149973adfa5af89c537313a52394c09274a5a1e07395027dc926ff28017acdd1194134a15da2dab5183f568c642f5e3d8adf0aeffd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33721.exe

Filesize
468KB

MD5
9eac041531224121ca69d75bbbdd4b14

SHA1
1495665daa332d3cad27448be123dd05e427f745

SHA256
f48421b1a8ff992f6e3a8e672e77b970811679f1a29f98ac6d40fd5998255b6f

SHA512
8b32c355b8ea4fb9b657e4600b41f6de0e13015c9a7b417883e7939d7bacd5581b759b051ae3282e6852988362c3b84a95db5482520cf22d2e6a7a5bff8df8a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34188.exe

Filesize
468KB

MD5
c6735dc7a0491363ebff5a3f605f1e2d

SHA1
2df3404c2c7e6503fd3ea88b837ff7a2ef3d4a68

SHA256
5beed66c3e9ba207cf5dc5b5008ac62478fbd0b50fc474f90c384aa3687cc049

SHA512
c1687e35caaed011206aa12cee4746615fd600b9f20f37acba295db6cac01480b9c7a709b6881dc005c3d06b36ae2d46cedda531408b6dca23374ee78eba4616

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe

Filesize
468KB

MD5
0bbe3cccc3d457ce68a1d60254757566

SHA1
f468985d793711add69473e1ed7d213e91276a01

SHA256
ed05ad822f3ff79896dde08202a72d007e3399544536088ff1c10f94a5f1a6ad

SHA512
2a42f87d1fa8b69b6b154e2eb6840eeff92b42eebe966b84a668f0ae5fa108d99ef30dbe2aa3bb627a6faf141d1c13cfa0b0648dba2c88ce6209a8f85dad7abd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe

Filesize
468KB

MD5
a0a2f1c84f42b47b0fe72fd5ba0e2f09

SHA1
6d59ed7b2d414f5288694223d39b7905235afed9

SHA256
a1d9777395eb47ded63edd11b45c887afa2e97b06789d86e4a2e55a71f3abc28

SHA512
d8c8d00bd0b7559e20b977c19e6df629b821f99b0e3b7ab5efded82011e46d1c028f715455be534b008c9aca242085d09d93a75adaf70629c72cdf081737125e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47919.exe

Filesize
468KB

MD5
a526281900735e78e27903250935b0b0

SHA1
bcfd4afbab19de4cf6e6c16c1b90d0e081e7431d

SHA256
fe1450e033d2d7ecde173aa8c4387d1838393787e24cf279130fc3068b971661

SHA512
c86d6bcc7c0032bb36d6c0622446a13b70bf8ffbb503b51959d6aea4e0207f9ca268c966351513ae452c7fe32621a438cb0e3b60df255956a6d44808999c6999

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe

Filesize
468KB

MD5
d921868fda63871b763212ae77ab4873

SHA1
1795c0a4e295616f8e98132532270b6ad5fa791b

SHA256
2d973a99d0ce470385d29b770aaf734738df65b443d90505e98bb27be4d0cd1f

SHA512
e051fe06347289fb6122fab231fa6e3d8d2e83e69b609b8067f69e0aa4918d83b420593b08b68193ed27722415aab9bb785237765ddc056ec00f2611040c8646

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55786.exe

Filesize
468KB

MD5
d55f46601a1b08b4ef3c43ebf222c4f1

SHA1
0674adb47b65689a18dca5da0f3c9270142ecbe2

SHA256
37634905c4205ee20d363ea62c366229c6674f3c2c64f154a2a9ffd0ace325fc

SHA512
842e91690bf276a02bab77772f1b35e04c0dde8f142de7e7321112eca047c3117b0107eca8601d81765cecb25dea8c8035f0aed82a171231159c1fe559e78610

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57301.exe

Filesize
468KB

MD5
d77432e9fb5f95938a7a19f3199d2bfd

SHA1
2cee22b3fd1f769753c74fe516461de7799fa501

SHA256
f75cbf10bab9a9f2759c63324801c72f3b71a8cd0a86931130b04163050f8825

SHA512
abc3acd1778af7ccefcd4d84a4ce26376941fc56fec96133455222f6e5d700bddaf1b1494cf7f54d45c09db3a3f62ee780f7195c42222447ef7fd127681bbc2d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61261.exe

Filesize
468KB

MD5
92f7c96124c99b03f11904baf122a8f5

SHA1
81b2cb49b3ad2517c5ed3908ac98fcf1d57f2173

SHA256
429a1826c5d900a382c6ae8b6ab8ea752888650e4153f20f24fa070ca8249377

SHA512
aafb3ef52d2b2c1e9910b7d8380e04985d28681a57bc54d5c8e668e4a701be869efffd8f6315cd45f232c47f4dc0cb936f24ba7bc01707fd96000e741602abed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe

Filesize
468KB

MD5
9ddd6fc979c03cd755fa94c02a68e692

SHA1
1db1b170989c575b6292f85146bccfbf84d2fd9a

SHA256
39339af7889d9c28bdf80861e01f1e2181e5deb8c6d4fdd07ad7754cdbb4b68e

SHA512
a18d91b6f0a0c723b812db4e395603e638b0507d45e2ee3e8a38d0f4be5e3f04b539a08654a2998c2d445e0b97c7dc9ce37126509797119b1f0172e61d7397bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9579.exe

Filesize
468KB

MD5
58946c02192292d43cfe5b33fc09eb99

SHA1
9acc187a9853db19e1434bfcead46c118298a28f

SHA256
948fc06015d2e4f0819ade08cd88a792041cdf89f0a8ca2b018637df2d630c33

SHA512
1da2a92cc206c35a53a908ea49f45313938b4634044376ba45d830f6174ef28869b00acddfee56436d4ed69fcf62fc868af38e07b99f2b51902f27b1b8a129d2

Download Submit