6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261fe

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 05:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe
Size

184KB
MD5

7bfcb3d784e1c786f30302c825127930
SHA1

1365b8536d773c8fccbd6a0ad7ba5ebe3b4dd2c7
SHA256

6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261fe
SHA512

7a5fefd51f2118fc98453e41ca3dce220ab6bcc1cee726d6d3b07dd23c11b34fae61face4d08ff1a2b723c80e70ac2ab196121fb6f6df35efd51d7b9e9882995
SSDEEP

3072:F+EjTmoTJDWMdD6tWoSVZhXpcvnlnviFEn3:F+JoA4D6AV3XpcPlnviFE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2904	Unicorn-52884.exe
2460	Unicorn-48219.exe
2844	Unicorn-20185.exe
2220	Unicorn-33549.exe
2564	Unicorn-62692.exe
2576	Unicorn-8852.exe
1944	Unicorn-11286.exe
1244	Unicorn-32453.exe
2812	Unicorn-53196.exe
1268	Unicorn-11862.exe
2360	Unicorn-1234.exe
2796	Unicorn-60518.exe
1992	Unicorn-43990.exe
2192	Unicorn-15764.exe
1036	Unicorn-56797.exe
1136	Unicorn-19294.exe
2348	Unicorn-11125.exe
2892	Unicorn-28531.exe
956	Unicorn-8665.exe
1524	Unicorn-34918.exe
1788	Unicorn-54784.exe
1852	Unicorn-21571.exe
2976	Unicorn-41437.exe
2180	Unicorn-25101.exe
2952	Unicorn-8380.exe
2292	Unicorn-45884.exe
2956	Unicorn-57581.exe
1560	Unicorn-21955.exe
2612	Unicorn-41821.exe
776	Unicorn-25485.exe
2088	Unicorn-13787.exe
2464	Unicorn-17125.exe
2876	Unicorn-50119.exe
2752	Unicorn-41951.exe
2800	Unicorn-13725.exe
1868	Unicorn-60207.exe
896	Unicorn-49579.exe
1436	Unicorn-24005.exe
1972	Unicorn-43871.exe
2492	Unicorn-53492.exe
1312	Unicorn-48894.exe
2856	Unicorn-45132.exe
2516	Unicorn-11499.exe
2880	Unicorn-49003.exe
2160	Unicorn-52340.exe
448	Unicorn-24306.exe
2044	Unicorn-36004.exe
1936	Unicorn-36004.exe
1384	Unicorn-19476.exe
1860	Unicorn-65147.exe
2144	Unicorn-11307.exe
912	Unicorn-48811.exe
3032	Unicorn-39398.exe
336	Unicorn-60373.exe
2012	Unicorn-39206.exe
2408	Unicorn-11172.exe
1988	Unicorn-43845.exe
2336	Unicorn-47758.exe
2560	Unicorn-23254.exe
2644	Unicorn-23254.exe
2428	Unicorn-6725.exe
1672	Unicorn-26932.exe
2440	Unicorn-38630.exe
1056	Unicorn-2428.exe

Loads dropped DLL 64 IoCs

pid	Process
1128	6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe
1128	6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe
2904	Unicorn-52884.exe
2904	Unicorn-52884.exe
1128	6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe
1128	6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe
2460	Unicorn-48219.exe
2460	Unicorn-48219.exe
2904	Unicorn-52884.exe
2904	Unicorn-52884.exe
2844	Unicorn-20185.exe
2844	Unicorn-20185.exe
2596	WerFault.exe
2596	WerFault.exe
2596	WerFault.exe
2596	WerFault.exe
2596	WerFault.exe
2220	Unicorn-33549.exe
2220	Unicorn-33549.exe
2460	Unicorn-48219.exe
2460	Unicorn-48219.exe
2564	Unicorn-62692.exe
2564	Unicorn-62692.exe
2576	Unicorn-8852.exe
2576	Unicorn-8852.exe
2844	Unicorn-20185.exe
2844	Unicorn-20185.exe
1332	WerFault.exe
1332	WerFault.exe
1332	WerFault.exe
1332	WerFault.exe
1332	WerFault.exe
2792	WerFault.exe
2792	WerFault.exe
2792	WerFault.exe
2792	WerFault.exe
2792	WerFault.exe
1244	Unicorn-32453.exe
1244	Unicorn-32453.exe
1944	Unicorn-11286.exe
2220	Unicorn-33549.exe
1944	Unicorn-11286.exe
2220	Unicorn-33549.exe
2576	Unicorn-8852.exe
2576	Unicorn-8852.exe
1268	Unicorn-11862.exe
1268	Unicorn-11862.exe
2812	Unicorn-53196.exe
2812	Unicorn-53196.exe
2360	Unicorn-1234.exe
2360	Unicorn-1234.exe
2564	Unicorn-62692.exe
2564	Unicorn-62692.exe
1488	WerFault.exe
1488	WerFault.exe
1488	WerFault.exe
1488	WerFault.exe
1488	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
952	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2372	1128	WerFault.exe	30
2596	2904	WerFault.exe	31
1332	2460	WerFault.exe	32
2792	2844	WerFault.exe	33
1488	2220	WerFault.exe	35
1752	2564	WerFault.exe	36
952	2576	WerFault.exe	37
2740	1244	WerFault.exe	40
2832	1944	WerFault.exe	39
2696	1268	WerFault.exe	42
2436	2812	WerFault.exe	41
2700	2360	WerFault.exe	43
1792	2796	WerFault.exe	46
2104	1992	WerFault.exe	47
1644	2192	WerFault.exe	48
2168	2892	WerFault.exe	52
1164	1136	WerFault.exe	50
612	2348	WerFault.exe	51
2760	1036	WerFault.exe	49
2616	956	WerFault.exe	53
2568	1524	WerFault.exe	58
1928	1788	WerFault.exe	57
1796	1852	WerFault.exe	59
408	2976	WerFault.exe	60
1528	2180	WerFault.exe	61
1532	2952	WerFault.exe	62
2680	2292	WerFault.exe	63
2672	776	WerFault.exe	68
1964	2956	WerFault.exe	64
1724	1560	WerFault.exe	65
812	2464	WerFault.exe	69
1640	2088	WerFault.exe	67
708	2612	WerFault.exe	66
3580	2876	WerFault.exe	72
3604	2752	WerFault.exe	73
3632	2800	WerFault.exe	75
3800	1972	WerFault.exe	81
3836	1312	WerFault.exe	83
3888	1664	WerFault.exe	162
3904	2492	WerFault.exe	82
4056	2880	WerFault.exe	86
3092	1860	WerFault.exe	91
3096	448	WerFault.exe	88
3308	2044	WerFault.exe	90
3512	3032	WerFault.exe	97
3984	3136	WerFault.exe	231
3992	2516	WerFault.exe	85
3612	336	WerFault.exe	99
3708	1672	WerFault.exe	112
3728	912	WerFault.exe	94
3788	2144	WerFault.exe	93
3844	1384	WerFault.exe	92
3896	1868	WerFault.exe	78
3952	2556	WerFault.exe	130
3960	2628	WerFault.exe	117
3964	2020	WerFault.exe	119
4028	2160	WerFault.exe	87
3180	1380	WerFault.exe	115
3260	1740	WerFault.exe	124
3444	2856	WerFault.exe	84
3104	2996	WerFault.exe	129
3144	920	WerFault.exe	121
3552	1092	WerFault.exe	133
3564	896	WerFault.exe	79

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43990.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19872.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28659.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20268.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17578.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44578.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41951.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41811.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1128	6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe
2904	Unicorn-52884.exe
2460	Unicorn-48219.exe
2844	Unicorn-20185.exe
2220	Unicorn-33549.exe
2564	Unicorn-62692.exe
2576	Unicorn-8852.exe
1944	Unicorn-11286.exe
1244	Unicorn-32453.exe
2812	Unicorn-53196.exe
1268	Unicorn-11862.exe
2360	Unicorn-1234.exe
2796	Unicorn-60518.exe
1992	Unicorn-43990.exe
2192	Unicorn-15764.exe
1036	Unicorn-56797.exe
1136	Unicorn-19294.exe
2892	Unicorn-28531.exe
956	Unicorn-8665.exe
2348	Unicorn-11125.exe
1524	Unicorn-34918.exe
1788	Unicorn-54784.exe
1852	Unicorn-21571.exe
2976	Unicorn-41437.exe
2180	Unicorn-25101.exe
2952	Unicorn-8380.exe
2292	Unicorn-45884.exe
2956	Unicorn-57581.exe
2612	Unicorn-41821.exe
1560	Unicorn-21955.exe
776	Unicorn-25485.exe
2088	Unicorn-13787.exe
2464	Unicorn-17125.exe
2876	Unicorn-50119.exe
2752	Unicorn-41951.exe
2800	Unicorn-13725.exe
1868	Unicorn-60207.exe
896	Unicorn-49579.exe
1436	Unicorn-24005.exe
1972	Unicorn-43871.exe
2492	Unicorn-53492.exe
1312	Unicorn-48894.exe
2856	Unicorn-45132.exe
2516	Unicorn-11499.exe
2880	Unicorn-49003.exe
2160	Unicorn-52340.exe
1384	Unicorn-19476.exe
448	Unicorn-24306.exe
2044	Unicorn-36004.exe
1936	Unicorn-36004.exe
1860	Unicorn-65147.exe
912	Unicorn-48811.exe
2144	Unicorn-11307.exe
3032	Unicorn-39398.exe
336	Unicorn-60373.exe
2012	Unicorn-39206.exe
2408	Unicorn-11172.exe
1988	Unicorn-43845.exe
2336	Unicorn-47758.exe
2560	Unicorn-23254.exe
2644	Unicorn-23254.exe
2428	Unicorn-6725.exe
1672	Unicorn-26932.exe
2440	Unicorn-38630.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 2904	1128	6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe	31
PID 1128 wrote to memory of 2904	1128	6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe	31
PID 1128 wrote to memory of 2904	1128	6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe	31
PID 1128 wrote to memory of 2904	1128	6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe	31
PID 2904 wrote to memory of 2460	2904	Unicorn-52884.exe	32
PID 2904 wrote to memory of 2460	2904	Unicorn-52884.exe	32
PID 2904 wrote to memory of 2460	2904	Unicorn-52884.exe	32
PID 2904 wrote to memory of 2460	2904	Unicorn-52884.exe	32
PID 1128 wrote to memory of 2844	1128	6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe	33
PID 1128 wrote to memory of 2844	1128	6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe	33
PID 1128 wrote to memory of 2844	1128	6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe	33
PID 1128 wrote to memory of 2844	1128	6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe	33
PID 1128 wrote to memory of 2372	1128	6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe	34
PID 1128 wrote to memory of 2372	1128	6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe	34
PID 1128 wrote to memory of 2372	1128	6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe	34
PID 1128 wrote to memory of 2372	1128	6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe	34
PID 2460 wrote to memory of 2220	2460	Unicorn-48219.exe	35
PID 2460 wrote to memory of 2220	2460	Unicorn-48219.exe	35
PID 2460 wrote to memory of 2220	2460	Unicorn-48219.exe	35
PID 2460 wrote to memory of 2220	2460	Unicorn-48219.exe	35
PID 2904 wrote to memory of 2564	2904	Unicorn-52884.exe	36
PID 2904 wrote to memory of 2564	2904	Unicorn-52884.exe	36
PID 2904 wrote to memory of 2564	2904	Unicorn-52884.exe	36
PID 2904 wrote to memory of 2564	2904	Unicorn-52884.exe	36
PID 2844 wrote to memory of 2576	2844	Unicorn-20185.exe	37
PID 2844 wrote to memory of 2576	2844	Unicorn-20185.exe	37
PID 2844 wrote to memory of 2576	2844	Unicorn-20185.exe	37
PID 2844 wrote to memory of 2576	2844	Unicorn-20185.exe	37
PID 2904 wrote to memory of 2596	2904	Unicorn-52884.exe	38
PID 2904 wrote to memory of 2596	2904	Unicorn-52884.exe	38
PID 2904 wrote to memory of 2596	2904	Unicorn-52884.exe	38
PID 2904 wrote to memory of 2596	2904	Unicorn-52884.exe	38
PID 2220 wrote to memory of 1944	2220	Unicorn-33549.exe	39
PID 2220 wrote to memory of 1944	2220	Unicorn-33549.exe	39
PID 2220 wrote to memory of 1944	2220	Unicorn-33549.exe	39
PID 2220 wrote to memory of 1944	2220	Unicorn-33549.exe	39
PID 2460 wrote to memory of 1244	2460	Unicorn-48219.exe	40
PID 2460 wrote to memory of 1244	2460	Unicorn-48219.exe	40
PID 2460 wrote to memory of 1244	2460	Unicorn-48219.exe	40
PID 2460 wrote to memory of 1244	2460	Unicorn-48219.exe	40
PID 2564 wrote to memory of 2812	2564	Unicorn-62692.exe	41
PID 2564 wrote to memory of 2812	2564	Unicorn-62692.exe	41
PID 2564 wrote to memory of 2812	2564	Unicorn-62692.exe	41
PID 2564 wrote to memory of 2812	2564	Unicorn-62692.exe	41
PID 2576 wrote to memory of 1268	2576	Unicorn-8852.exe	42
PID 2576 wrote to memory of 1268	2576	Unicorn-8852.exe	42
PID 2576 wrote to memory of 1268	2576	Unicorn-8852.exe	42
PID 2576 wrote to memory of 1268	2576	Unicorn-8852.exe	42
PID 2844 wrote to memory of 2360	2844	Unicorn-20185.exe	43
PID 2844 wrote to memory of 2360	2844	Unicorn-20185.exe	43
PID 2844 wrote to memory of 2360	2844	Unicorn-20185.exe	43
PID 2844 wrote to memory of 2360	2844	Unicorn-20185.exe	43
PID 2460 wrote to memory of 1332	2460	Unicorn-48219.exe	44
PID 2460 wrote to memory of 1332	2460	Unicorn-48219.exe	44
PID 2460 wrote to memory of 1332	2460	Unicorn-48219.exe	44
PID 2460 wrote to memory of 1332	2460	Unicorn-48219.exe	44
PID 2844 wrote to memory of 2792	2844	Unicorn-20185.exe	45
PID 2844 wrote to memory of 2792	2844	Unicorn-20185.exe	45
PID 2844 wrote to memory of 2792	2844	Unicorn-20185.exe	45
PID 2844 wrote to memory of 2792	2844	Unicorn-20185.exe	45
PID 1244 wrote to memory of 2796	1244	Unicorn-32453.exe	46
PID 1244 wrote to memory of 2796	1244	Unicorn-32453.exe	46
PID 1244 wrote to memory of 2796	1244	Unicorn-32453.exe	46
PID 1244 wrote to memory of 2796	1244	Unicorn-32453.exe	46

C:\Users\Admin\AppData\Local\Temp\6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe
"C:\Users\Admin\AppData\Local\Temp\6964329eb19cd05e1645fd44a9bac8e29f17748c08308a7075dda0bf4c2261feN.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52884.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52884.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33549.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11286.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41437.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2198.exe
        10⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
        11⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45970.exe
        12⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
        12⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
        11⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        10⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 216
        9⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 216
        8⤵
        Program crash
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49579.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23254.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49276.exe
        9⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9873.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37194.exe
        11⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:10720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
        12⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
        11⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
        10⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 216
        9⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        8⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52172.exe
        9⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
        10⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
        11⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
        12⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
        11⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
        10⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 216
        9⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
        8⤵
        Program crash
        
        PID:3564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
        7⤵
        Program crash
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21571.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60207.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6725.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49276.exe
        9⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27637.exe
        10⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61589.exe
        11⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
        12⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 216
        12⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
        11⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 216
        10⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 216
        9⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        8⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        9⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
        10⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46660.exe
        11⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10478.exe
        12⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
        11⤵
        
        PID:10528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
        10⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 216
        9⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
        8⤵
        Program crash
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12763.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61357.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2006.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13008.exe
        11⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        12⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
        12⤵
        
        PID:11132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
        11⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        10⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
        9⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50537.exe
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27585.exe
        9⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        10⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8621.exe
        11⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35201.exe
        12⤵
        
        PID:11444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
        11⤵
        
        PID:9664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
        10⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        9⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
        8⤵
        Program crash
        
        PID:3708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
        7⤵
        Program crash
        
        PID:1796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
        6⤵
        Program crash
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15764.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25101.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43871.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38630.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4870.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52888.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
        11⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59446.exe
        12⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1318.exe
        13⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
        13⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
        12⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
        11⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
        10⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65182.exe
        10⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59446.exe
        11⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50519.exe
        12⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
        12⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
        11⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        10⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 220
        9⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
        8⤵
        Program crash
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2428.exe
        7⤵
        Executes dropped EXE
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14107.exe
        8⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
        9⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12182.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        11⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6670.exe
        12⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51101.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:12528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 216
        12⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
        11⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        10⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 236
        9⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8243.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24451.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16878.exe
        10⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        11⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
        11⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
        10⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        9⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
        8⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
        7⤵
        Program crash
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24005.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23254.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12846.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36744.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        10⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18030.exe
        11⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64359.exe
        12⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
        12⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
        11⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        10⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
        9⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40486.exe
        9⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53582.exe
        10⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:11024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 216
        11⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 236
        10⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
        9⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
        8⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        7⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 200
        8⤵
        Program crash
        
        PID:3888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 220
        7⤵
        
        PID:4888
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        6⤵
        Program crash
        
        PID:1644
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32453.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54784.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41951.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39206.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
        9⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
        10⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37180.exe
        11⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56459.exe
        12⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39836.exe
        13⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17495.exe
        14⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
        13⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
        12⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        11⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 236
        10⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36400.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35613.exe
        10⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19872.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
        12⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 236
        12⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
        11⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 236
        10⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        9⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58051.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42271.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54041.exe
        11⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:9836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
        12⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
        11⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        10⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        9⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
        8⤵
        Program crash
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43845.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        8⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20325.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60693.exe
        10⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55040.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3845.exe
        12⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 236
        12⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
        11⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
        10⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
        9⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43039.exe
        9⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7149.exe
        10⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 240
        11⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
        10⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        9⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
        8⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        7⤵
        Program crash
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47758.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4870.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60589.exe
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
        10⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34667.exe
        11⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40649.exe
        12⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
        12⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        11⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
        10⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16027.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        9⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        10⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:11028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 216
        11⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 236
        10⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
        9⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
        8⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18554.exe
        7⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55000.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
        9⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25508.exe
        10⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15428.exe
        11⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8840 -s 216
        11⤵
        
        PID:11500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
        10⤵
        
        PID:9780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        9⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 236
        8⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        7⤵
        Program crash
        
        PID:3632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        6⤵
        Program crash
        
        PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34918.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50119.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46889.exe
        8⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24362.exe
        9⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62644.exe
        10⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        11⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55212.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50634.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:12360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
        12⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        11⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        10⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
        9⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45337.exe
        8⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        9⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17762.exe
        10⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
        11⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27806.exe
        12⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
        11⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 236
        10⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
        9⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
        8⤵
        Program crash
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        7⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24170.exe
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22168.exe
        10⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55212.exe
        11⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17386.exe
        12⤵
        
        PID:12316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
        11⤵
        
        PID:10576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
        9⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
        8⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
        7⤵
        Program crash
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60373.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55633.exe
        7⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21119.exe
        9⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48291.exe
        10⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24652.exe
        11⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        12⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
        11⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        10⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
        9⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 236
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28808.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2696.exe
        8⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
        9⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
        10⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33690.exe
        11⤵
        
        PID:10872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
        11⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
        10⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
        9⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
        8⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 240
        7⤵
        Program crash
        
        PID:3612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
        6⤵
        Program crash
        
        PID:2568
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 240
        5⤵
        Program crash
        
        PID:2740
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62692.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41821.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11307.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8946.exe
        8⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31487.exe
        9⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36137.exe
        10⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        11⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15087.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38200.exe
        13⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
        12⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 236
        11⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
        10⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 216
        9⤵
        Program crash
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45062.exe
        8⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20844.exe
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22265.exe
        11⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49124.exe
        12⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
        11⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        10⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
        9⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        8⤵
        Program crash
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
        10⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18881.exe
        11⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:10368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 216
        12⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        11⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        10⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 216
        9⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35326.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65374.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        10⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6139.exe
        11⤵
        
        PID:10764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
        11⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 236
        10⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
        9⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 220
        8⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
        7⤵
        Program crash
        
        PID:708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48811.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39655.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
        9⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        10⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36452.exe
        11⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
        12⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 216
        12⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
        11⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
        10⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
        9⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18753.exe
        9⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34060.exe
        10⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31848.exe
        11⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 236
        11⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        10⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
        9⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 220
        8⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45062.exe
        7⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
        8⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
        9⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
        10⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
        11⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
        10⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
        9⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
        8⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
        7⤵
        Program crash
        
        PID:3728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
        6⤵
        Program crash
        
        PID:612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19476.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33451.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47823.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20268.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
        10⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16131.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18704.exe
        12⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
        11⤵
        
        PID:9756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
        10⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
        9⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        8⤵
        Program crash
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53230.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
        9⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 220
        10⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
        9⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
        8⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
        7⤵
        Program crash
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62786.exe
        6⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37927.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
        8⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15151.exe
        9⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55404.exe
        10⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17495.exe
        11⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 216
        10⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
        9⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 216
        8⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 216
        7⤵
        Program crash
        
        PID:3952
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        6⤵
        Program crash
        
        PID:1640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        5⤵
        Program crash
        
        PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17125.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58147.exe
        7⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1995.exe
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
        9⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16878.exe
        10⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55724.exe
        11⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
        11⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
        10⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        9⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 216
        8⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44855.exe
        8⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39630.exe
        9⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58782.exe
        10⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43950.exe
        11⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
        10⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
        9⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
        8⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
        7⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21945.exe
        6⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64543.exe
        7⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
        9⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20033.exe
        10⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23296.exe
        11⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 216
        11⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
        10⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        9⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
        8⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 188
        8⤵
        Program crash
        
        PID:3984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 220
        7⤵
        
        PID:5432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
        6⤵
        Program crash
        
        PID:812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65147.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27682.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20133.exe
        7⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        8⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36057.exe
        10⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 236
        10⤵
        
        PID:11108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        9⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        8⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
        7⤵
        
        PID:4900
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
        6⤵
        Program crash
        
        PID:3092
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
        5⤵
        Program crash
        
        PID:2616
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1752
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20185.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20185.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52340.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33643.exe
        8⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        9⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        10⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33683.exe
        11⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        12⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 236
        12⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        11⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
        10⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 236
        9⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36125.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53324.exe
        9⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64435.exe
        10⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39151.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12097.exe
        12⤵
        
        PID:12412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 216
        11⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
        10⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
        9⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
        8⤵
        Program crash
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62978.exe
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
        8⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60257.exe
        9⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
        10⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
        11⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51625.exe
        12⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
        11⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
        10⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 216
        9⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
        8⤵
        Program crash
        
        PID:3260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
        7⤵
        Program crash
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24306.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        7⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64543.exe
        8⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22328.exe
        9⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        10⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14167.exe
        12⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 216
        12⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
        11⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
        10⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 236
        9⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35134.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
        9⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32533.exe
        11⤵
        
        PID:11332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 216
        11⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
        10⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
        9⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 220
        8⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 216
        7⤵
        Program crash
        
        PID:3096
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 240
        6⤵
        Program crash
        
        PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21955.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
        7⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31487.exe
        8⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43921.exe
        9⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        10⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26634.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13944.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 216
        12⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
        11⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
        10⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
        9⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 216
        8⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45062.exe
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5991.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42105.exe
        9⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51553.exe
        10⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        11⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
        11⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
        10⤵
        
        PID:9364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        9⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
        8⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        7⤵
        Program crash
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        6⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61248.exe
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-112.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35217.exe
        10⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64354.exe
        11⤵
        
        PID:536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 216
        11⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        10⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
        9⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
        8⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25878.exe
        8⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
        9⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
        10⤵
        
        PID:11232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
        10⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 236
        9⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        8⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 220
        7⤵
        
        PID:5300
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 220
        6⤵
        Program crash
        
        PID:1724
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 240
        5⤵
        Program crash
        
        PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56797.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11499.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38822.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20076.exe
        9⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55691.exe
        10⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40988.exe
        11⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17578.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 236
        11⤵
        
        PID:10592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
        10⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
        9⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        8⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45062.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
        8⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25354.exe
        9⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 200
        10⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 236
        9⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
        8⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        7⤵
        Program crash
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59797.exe
        6⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        8⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47139.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49623.exe
        10⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26405.exe
        11⤵
        
        PID:12556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
        10⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
        9⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
        8⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 216
        7⤵
        
        PID:4356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
        6⤵
        Program crash
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49003.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40934.exe
        6⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40231.exe
        7⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46339.exe
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34622.exe
        9⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        10⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47333.exe
        11⤵
        
        PID:11124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8568 -s 216
        11⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
        10⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
        9⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
        8⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
        7⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36349.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-863.exe
        9⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51459.exe
        10⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
        9⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 236
        8⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
        7⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        6⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33854.exe
        8⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 220
        9⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        8⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
        7⤵
        
        PID:5348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
        6⤵
        Program crash
        
        PID:4056
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 240
        5⤵
        Program crash
        
        PID:2760
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8380.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30270.exe
        7⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8051.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2857.exe
        9⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28559.exe
        10⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46956.exe
        11⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 216
        11⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
        10⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        9⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 216
        8⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
        9⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60489.exe
        10⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26975.exe
        11⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 216
        11⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        9⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
        8⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
        7⤵
        Program crash
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
        6⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37927.exe
        7⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59598.exe
        8⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33631.exe
        9⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22872.exe
        10⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5828.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 216
        10⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
        9⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
        8⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 216
        7⤵
        Program crash
        
        PID:3960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        6⤵
        Program crash
        
        PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13933.exe
        6⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37927.exe
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        8⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65504.exe
        9⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
        10⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:12440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
        10⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
        9⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
        8⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 216
        7⤵
        Program crash
        
        PID:3180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 236
        6⤵
        Program crash
        
        PID:3836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
        5⤵
        Program crash
        
        PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45132.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56227.exe
        6⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        7⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        8⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        9⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24683.exe
        10⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
        11⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
        10⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
        9⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
        8⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
        7⤵
        Program crash
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26037.exe
        6⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11331.exe
        7⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23403.exe
        8⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65409.exe
        9⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43919.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
        9⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
        8⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 216
        7⤵
        
        PID:4604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        6⤵
        Program crash
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11665.exe
        5⤵
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39655.exe
        6⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11357.exe
        7⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        8⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27293.exe
        9⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3166.exe
        10⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 216
        10⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
        9⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 236
        8⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
        7⤵
        
        PID:5132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 216
        6⤵
        Program crash
        
        PID:3144
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
        5⤵
        Program crash
        
        PID:2680
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
      4⤵
      Program crash
      PID:2700
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2792
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 240
  2⤵
  - Program crash
  PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22168.exe

Filesize
184KB

MD5
56de51df851baca956663dce2413ba6e

SHA1
44788dcea375730a51685c04fb197c7e834ff832

SHA256
e6fc6d2fdba7235d1eb9c0d59b28898d941c9ac63b33070f27a2bddfe0f6bc37

SHA512
8321374585d980db1d462c84e43aa3e9e1eecd47cf2ec68c022b9d9fa2c4e8502c3c20d636aeaf5bd007f258eb9f42a77cfc64995cb09e79e0c29005756d38fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22265.exe

Filesize
184KB

MD5
98c61323c17c6ec95fa6cba6e5c8c504

SHA1
145d01e0d23a7406bf7439623b9d92a87129561f

SHA256
3b1d5eb3501ae2417737582648b25fab10c1f76fa8e10914aa8983fc2e332cd8

SHA512
8663e7a6f0d782a3b8a4f6400e8bcb1263e2281bcd4e99cb46b147e3dfe9678bc91b07fb51e6a1f59809848139e6efa30cd8108ed71faebdffce4f52caf35942

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32453.exe

Filesize
184KB

MD5
7840eb03c7b215ae057f077839e401d1

SHA1
08961ba86380f3caa5b6529701c511b55ff12b97

SHA256
67cd01fbae976bf232837d3a0173dde9c2f2cde2bd07b5bd303075ddc64516f3

SHA512
fa55bceac3b0dfb4bced7e1455a801de907b987d20961e217a6e2a0b096839be378e158dd18d862eb0fe851e29c5068ee4ea12543aad9b0118f8304b84994bc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6725.exe

Filesize
184KB

MD5
c1909b47a81f7677a3517fabd6bfe43f

SHA1
1a75bfb05dcc7eed2abd266f0542db8d8b85d59e

SHA256
9411f521a4bc00406e6a373daa617a40033f7dbc6df6209f3c89abe191dece3f

SHA512
55dc8d924d308b5cb2f6e5ac39757b3615a732a9501f7ae4fed17386a922813b1fb447ef95be6f911525013efb31977aec026af9fcc942af8ab21b241dac502a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe

Filesize
184KB

MD5
4bc474c33dbeedef7bcb7bdb88e3eeb1

SHA1
0c2c3939521cc7425064f3a577abd6e999872726

SHA256
b8f4554757d2413f12083aab600437f06d5c1440247a417061d72d7fd09fb2a2

SHA512
b6b187e6b86320438d3e074e396a766e4e18ad90d68e4f25c6fbd96411cff5ecdebff8244d60e222d4fff9df93a2e818d0ac262fdfc7bc441c82c4f009a73d80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11286.exe

Filesize
184KB

MD5
b5e3bdcfda67ad18b0ad36a7566d32f3

SHA1
ec565d698b27483dcd767b1cb8d710576866ff80

SHA256
00290d042f7bb385002e441111f99a05959bc8d7bd907d4ab5010d3aae3575a2

SHA512
be888a11831c034bcfe18379e0668375ca8015cc23498f971113d46adf1a0ad1b4003f3bc2280c005a2e51fd8cb69324799eb90ccf9d12f11d2d3d0d0f89934a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe

Filesize
184KB

MD5
43a425bdf24edbe5e4faff39393ff94e

SHA1
76cfa50afb9e15487a8cb75738038309d2d2e42e

SHA256
ded0e9c6cbbda0f2afdc15fdbc3c9cc7f05fd7a0cf28f67265bcf204797ba6e7

SHA512
708510586f7e7eb7a9b05a944193ac0f74bf019105dd93bc47f40616ae1e3e3913b428eb5c6daa9865d584ea3856434951b7ef5df0581962e50cfc4c79e47746

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe

Filesize
184KB

MD5
e40dca638b3a2b936aee829d4cd94c69

SHA1
b66076af7f8c80df484af6e1e512ea04ff041ad1

SHA256
43042a2fa9de9a3418b2903f75a82e52506cae1db759e42e2d3309a435cb37e5

SHA512
d52291473f7435d388127d0100a93dd2e23fd862ca1ba44648ecb40361e85e8c14a7ec56dab71ffafc0d45dc42b9fd83718194e0cfe2b8dc3527d04faa4a1f8b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15764.exe

Filesize
184KB

MD5
599fdff249deb872927c9eb2a14d40db

SHA1
fe6ec9f72947a505aae2634139e1dfe6a8b38552

SHA256
520a2b8aa529036e7766f119c222f30bcc4006982f1942eabae867e2f6379bf6

SHA512
83094cd2390d275de08eeb6c57da4de11aa3d3a3a95b13910ebc96bb1ce91e98e043be335b4600041df0531b6e871c9914682d3598e824a982fe80125b5413a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20185.exe

Filesize
184KB

MD5
db42fcca83829e95feab7f804f1c9eda

SHA1
b00d30a2ad892ef0301117c406255c8ca5971e9f

SHA256
f8812548675b4ebe97b2bdb88ed9f41e504bb2e9baa5641b9a89f1b2c1b576b5

SHA512
6505a6dbecf131c5b99e6619e531b91274bfc4d07fe380ea762c2d05547ee4b744581a595b601ef91dc099dc46030a918e260c6d812ee6b1e699b5c6828eb4c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33549.exe

Filesize
184KB

MD5
03bc0898e11e126a599ef9916d98f59f

SHA1
84fd4ca5cd8a6069e9d36696520a44f2fba87290

SHA256
2ce9db3106f0ab33db3a35000e75528c015b2f12506677ee080ad8664b212bb3

SHA512
1d5371ffac8095b2c9323dd908a2fcea425304791125b811ca9ec698712cdb3303fc140a11ac8b96e8fa62da8202a262d8a6165c1a05f6bc56e1f1e4bd33ccf2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe

Filesize
184KB

MD5
5b6f19c0209d9b7973092083b4be49e6

SHA1
dff50d890f2fddc24a99c88eb99cc4da047a17e8

SHA256
3d219ac86dfaf4d90b364a46bd1e23eb39641e2147c9ca30724a3d1c7a03fddd

SHA512
bf685521292dbf035e98f1928b8951a4a4322ef98c086cdcc410f491b167db36879dd52527cdf26c24f71473aae75d3eace9067a6d99a26d9cf10ce314bb49fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe

Filesize
184KB

MD5
af73a5b66c39b66f2c14a6b21a3e13da

SHA1
740a78366d13a7d26b7370b7f0db60a2ab7c7ee9

SHA256
0322e90f9627cbefef5fb7012b6cde9edd4ccf9b33a8837a878ddc5d51d40bdf

SHA512
efd2dd96bcbe1fdf35a2826b160340f475c886d857b21e3eac826f30114d4e2b15d546d2cb2c7385e368befdbafa68f6a666e904c358960a53d8ff06ead1ea60

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52884.exe

Filesize
184KB

MD5
42db5873b530866f0faf277184733615

SHA1
52a54a9df74aa6605f4e80dfd3d0384b60566acc

SHA256
25f3a6619d9e63e1bb085722b1049756fe9346e4f80b05c1b97f778f549d52cd

SHA512
8d8af6efc25a3f2f4a330a9ddd9e4c41877e8254c3d4e17cb16ace909f73a21d1405afbf66f4086d9db509385ef6d03c7aacbd5af226a3de4ce47416b51fc9f6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe

Filesize
184KB

MD5
c2edc417222cfa059450b4b48c2be953

SHA1
a3e41ef8e3ff5cd26b050ea97572911969c05e4e

SHA256
5081c10b6d41ef4878257da5b10d1bae2bc3a593703821e633b34d66f2f4b116

SHA512
9b61f8616e8645609c5e8875e78ecd3f9a7e6bf28c24e869205dee2d1e0cf4d89e9ff9eaa477a2bea9860152aecc7d7952965fbad9f6bbbc535bafad9a381c44

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe

Filesize
184KB

MD5
fc6fb40671f6c764b8535e078e42cc35

SHA1
ca8fb98f94373455047f3f1c2c8138b9db6bf8bc

SHA256
8aa7b37abaf0e15cd0045878d621a0e8e7f74600a6d4a512ad251447376a3644

SHA512
c2f6e4e05548b1849f7f23d485c7fe81a2e27e910922287347a309e15bb5ab663443bfeaf6838e290f6431bb442de9283a2145ab7bbcccd099a92fab54b7da0f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62692.exe

Filesize
184KB

MD5
f29de386cb03589ab40b44157b63da36

SHA1
4f514ce99b033ac86b29cb69755f5f3f8dd44cd5

SHA256
8f099412cf1ed5c7838a419b2781c03e1a1bd28122212257755f3d377965506c

SHA512
60aa5ac5553270ead99a2e7db33fb718ec1a3a5844a0f61e15a62f838b7f90c56e47aaf19c77b8b5298702bcb7dacbd3d94d09b53cbd1413cc982ae866490947

Download Submit