ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-10-2024 07:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe
Size

468KB
MD5

917c232adb1a86b14495925cefde7210
SHA1

156f529b8b0b48e17d46881d201637abde7e1f83
SHA256

ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93
SHA512

eb9823d3a56ccd11395b2ae8dbfaac2be7b33b6ef22dc590fc9ed3a9ce7137d73405ab10ce91e12d7ad7ade90745463579b68e9678de0c2f8294f0d91ac034a4
SSDEEP

3072:9gAkogawIUBKtCIdPzWjbfD/ECLbIIpD2mHeA2+nLbCLqRoY1wlO:9gPovkKttPijbfW0cALbEqoY1

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1752	Unicorn-13354.exe
2328	Unicorn-15850.exe
1300	Unicorn-35716.exe
2736	Unicorn-8492.exe
2640	Unicorn-37552.exe
2876	Unicorn-48181.exe
588	Unicorn-34507.exe
2592	Unicorn-55674.exe
992	Unicorn-10002.exe
704	Unicorn-39145.exe
1816	Unicorn-18171.exe
2936	Unicorn-40052.exe
1324	Unicorn-61219.exe
2144	Unicorn-56772.exe
2368	Unicorn-24100.exe
448	Unicorn-55163.exe
2972	Unicorn-50524.exe
1036	Unicorn-38826.exe
1336	Unicorn-22450.exe
864	Unicorn-10944.exe
1592	Unicorn-22642.exe
2524	Unicorn-63482.exe
2252	Unicorn-43616.exe
1988	Unicorn-20840.exe
1004	Unicorn-40706.exe
1944	Unicorn-61873.exe
2304	Unicorn-7841.exe
2520	Unicorn-32730.exe
2356	Unicorn-12864.exe
2172	Unicorn-23493.exe
2868	Unicorn-32729.exe
2136	Unicorn-52595.exe
2652	Unicorn-28283.exe
2892	Unicorn-52787.exe
2352	Unicorn-26481.exe
2692	Unicorn-13482.exe
1756	Unicorn-46539.exe
1936	Unicorn-10337.exe
1128	Unicorn-22227.exe
2996	Unicorn-30395.exe
1440	Unicorn-10529.exe
2196	Unicorn-13866.exe
2700	Unicorn-51370.exe
2372	Unicorn-54899.exe
1784	Unicorn-63067.exe
408	Unicorn-38755.exe
376	Unicorn-46923.exe
628	Unicorn-27057.exe
824	Unicorn-63617.exe
1512	Unicorn-19055.exe
2264	Unicorn-38921.exe
2432	Unicorn-10887.exe
1716	Unicorn-30753.exe
2852	Unicorn-53057.exe
2824	Unicorn-64795.exe
2884	Unicorn-61609.exe
2140	Unicorn-53441.exe
1292	Unicorn-58080.exe
1088	Unicorn-52564.exe
600	Unicorn-55859.exe
484	Unicorn-2019.exe
1740	Unicorn-10379.exe
2976	Unicorn-64219.exe
2124	Unicorn-27100.exe

Loads dropped DLL 64 IoCs

pid	Process
2532	ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe
2532	ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe
2532	ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe
2532	ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe
1752	Unicorn-13354.exe
1752	Unicorn-13354.exe
1300	Unicorn-35716.exe
1300	Unicorn-35716.exe
1752	Unicorn-13354.exe
1752	Unicorn-13354.exe
2328	Unicorn-15850.exe
2328	Unicorn-15850.exe
1780	WerFault.exe
1780	WerFault.exe
1780	WerFault.exe
1780	WerFault.exe
1780	WerFault.exe
2640	Unicorn-37552.exe
2640	Unicorn-37552.exe
2736	Unicorn-8492.exe
2736	Unicorn-8492.exe
1300	Unicorn-35716.exe
1300	Unicorn-35716.exe
2876	Unicorn-48181.exe
2876	Unicorn-48181.exe
2328	Unicorn-15850.exe
2328	Unicorn-15850.exe
1792	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
588	Unicorn-34507.exe
588	Unicorn-34507.exe
2640	Unicorn-37552.exe
2640	Unicorn-37552.exe
2592	Unicorn-55674.exe
2592	Unicorn-55674.exe
992	Unicorn-10002.exe
992	Unicorn-10002.exe
2736	Unicorn-8492.exe
2736	Unicorn-8492.exe
1816	Unicorn-18171.exe
1816	Unicorn-18171.exe
2876	Unicorn-48181.exe
2876	Unicorn-48181.exe
1164	WerFault.exe
1164	WerFault.exe
1164	WerFault.exe
1164	WerFault.exe
1164	WerFault.exe
2032	WerFault.exe
2032	WerFault.exe
2032	WerFault.exe
2032	WerFault.exe
2032	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2812	2532	WerFault.exe	29
1780	1752	WerFault.exe	30
1792	1300	WerFault.exe	32
2704	2328	WerFault.exe	31
1164	2640	WerFault.exe	35
2032	2736	WerFault.exe	34
2204	2876	WerFault.exe	36
2712	588	WerFault.exe	39
2816	2592	WerFault.exe	41
2756	992	WerFault.exe	40
1580	704	WerFault.exe	43
576	1816	WerFault.exe	42
2440	2936	WerFault.exe	46
1808	1324	WerFault.exe	47
2068	2144	WerFault.exe	48
1956	2368	WerFault.exe	49
2836	448	WerFault.exe	50
2492	2972	WerFault.exe	51
2636	1036	WerFault.exe	52
1800	1336	WerFault.exe	56
2776	864	WerFault.exe	57
1480	1592	WerFault.exe	58
2856	2252	WerFault.exe	60
816	2524	WerFault.exe	59
2484	1004	WerFault.exe	62
1016	2304	WerFault.exe	64
3048	1988	WerFault.exe	61
1032	2356	WerFault.exe	66
972	1944	WerFault.exe	63
1924	2520	WerFault.exe	65
1540	2172	WerFault.exe	67
3512	2692	WerFault.exe	78
3528	1128	WerFault.exe	81
3552	408	WerFault.exe	88
3560	2700	WerFault.exe	84
3576	2996	WerFault.exe	83
3608	2196	WerFault.exe	85
3656	2136	WerFault.exe	71
3708	376	WerFault.exe	89
3716	2372	WerFault.exe	86
3824	1784	WerFault.exe	87
3844	1512	WerFault.exe	96
3116	2824	WerFault.exe	102
3204	2264	WerFault.exe	95
3232	2432	WerFault.exe	97
3308	2852	WerFault.exe	100
3900	1716	WerFault.exe	98
3920	2128	WerFault.exe	121
3944	1504	WerFault.exe	124
3988	3040	WerFault.exe	119
4044	1088	WerFault.exe	108
4084	1756	WerFault.exe	79
4076	1440	WerFault.exe	82
3076	2868	WerFault.exe	70
3084	1936	WerFault.exe	80
3148	1748	WerFault.exe	120
3196	896	WerFault.exe	123
3296	2884	WerFault.exe	105
3464	2976	WerFault.exe	112
3468	2892	WerFault.exe	74
3800	2352	WerFault.exe	77
3896	484	WerFault.exe	110
3356	2140	WerFault.exe	106
3592	2652	WerFault.exe	72

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32667.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37177.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39351.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35268.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-535.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-269.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52787.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35268.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25917.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2532	ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe
1752	Unicorn-13354.exe
1300	Unicorn-35716.exe
2328	Unicorn-15850.exe
2736	Unicorn-8492.exe
2640	Unicorn-37552.exe
2876	Unicorn-48181.exe
588	Unicorn-34507.exe
2592	Unicorn-55674.exe
992	Unicorn-10002.exe
1816	Unicorn-18171.exe
704	Unicorn-39145.exe
2936	Unicorn-40052.exe
1324	Unicorn-61219.exe
2144	Unicorn-56772.exe
2368	Unicorn-24100.exe
448	Unicorn-55163.exe
2972	Unicorn-50524.exe
1036	Unicorn-38826.exe
1336	Unicorn-22450.exe
864	Unicorn-10944.exe
1592	Unicorn-22642.exe
2524	Unicorn-63482.exe
2252	Unicorn-43616.exe
1004	Unicorn-40706.exe
1988	Unicorn-20840.exe
1944	Unicorn-61873.exe
2304	Unicorn-7841.exe
2356	Unicorn-12864.exe
2520	Unicorn-32730.exe
2172	Unicorn-23493.exe
2136	Unicorn-52595.exe
2868	Unicorn-32729.exe
2652	Unicorn-28283.exe
2892	Unicorn-52787.exe
2352	Unicorn-26481.exe
2692	Unicorn-13482.exe
1756	Unicorn-46539.exe
1936	Unicorn-10337.exe
1128	Unicorn-22227.exe
2996	Unicorn-30395.exe
2196	Unicorn-13866.exe
1440	Unicorn-10529.exe
2700	Unicorn-51370.exe
2372	Unicorn-54899.exe
1784	Unicorn-63067.exe
408	Unicorn-38755.exe
628	Unicorn-27057.exe
376	Unicorn-46923.exe
824	Unicorn-63617.exe
1512	Unicorn-19055.exe
2264	Unicorn-38921.exe
1716	Unicorn-30753.exe
2432	Unicorn-10887.exe
2852	Unicorn-53057.exe
2824	Unicorn-64795.exe
2884	Unicorn-61609.exe
2140	Unicorn-53441.exe
1292	Unicorn-58080.exe
1088	Unicorn-52564.exe
600	Unicorn-55859.exe
484	Unicorn-2019.exe
1740	Unicorn-10379.exe
2976	Unicorn-64219.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 1752	2532	ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe	30
PID 2532 wrote to memory of 1752	2532	ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe	30
PID 2532 wrote to memory of 1752	2532	ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe	30
PID 2532 wrote to memory of 1752	2532	ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe	30
PID 2532 wrote to memory of 2328	2532	ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe	31
PID 2532 wrote to memory of 2328	2532	ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe	31
PID 2532 wrote to memory of 2328	2532	ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe	31
PID 2532 wrote to memory of 2328	2532	ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe	31
PID 1752 wrote to memory of 1300	1752	Unicorn-13354.exe	32
PID 1752 wrote to memory of 1300	1752	Unicorn-13354.exe	32
PID 1752 wrote to memory of 1300	1752	Unicorn-13354.exe	32
PID 1752 wrote to memory of 1300	1752	Unicorn-13354.exe	32
PID 2532 wrote to memory of 2812	2532	ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe	33
PID 2532 wrote to memory of 2812	2532	ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe	33
PID 2532 wrote to memory of 2812	2532	ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe	33
PID 2532 wrote to memory of 2812	2532	ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe	33
PID 1300 wrote to memory of 2736	1300	Unicorn-35716.exe	34
PID 1300 wrote to memory of 2736	1300	Unicorn-35716.exe	34
PID 1300 wrote to memory of 2736	1300	Unicorn-35716.exe	34
PID 1300 wrote to memory of 2736	1300	Unicorn-35716.exe	34
PID 1752 wrote to memory of 2640	1752	Unicorn-13354.exe	35
PID 1752 wrote to memory of 2640	1752	Unicorn-13354.exe	35
PID 1752 wrote to memory of 2640	1752	Unicorn-13354.exe	35
PID 1752 wrote to memory of 2640	1752	Unicorn-13354.exe	35
PID 2328 wrote to memory of 2876	2328	Unicorn-15850.exe	36
PID 2328 wrote to memory of 2876	2328	Unicorn-15850.exe	36
PID 2328 wrote to memory of 2876	2328	Unicorn-15850.exe	36
PID 2328 wrote to memory of 2876	2328	Unicorn-15850.exe	36
PID 1752 wrote to memory of 1780	1752	Unicorn-13354.exe	38
PID 1752 wrote to memory of 1780	1752	Unicorn-13354.exe	38
PID 1752 wrote to memory of 1780	1752	Unicorn-13354.exe	38
PID 1752 wrote to memory of 1780	1752	Unicorn-13354.exe	38
PID 2640 wrote to memory of 588	2640	Unicorn-37552.exe	39
PID 2640 wrote to memory of 588	2640	Unicorn-37552.exe	39
PID 2640 wrote to memory of 588	2640	Unicorn-37552.exe	39
PID 2640 wrote to memory of 588	2640	Unicorn-37552.exe	39
PID 2736 wrote to memory of 992	2736	Unicorn-8492.exe	40
PID 2736 wrote to memory of 992	2736	Unicorn-8492.exe	40
PID 2736 wrote to memory of 992	2736	Unicorn-8492.exe	40
PID 2736 wrote to memory of 992	2736	Unicorn-8492.exe	40
PID 1300 wrote to memory of 2592	1300	Unicorn-35716.exe	41
PID 1300 wrote to memory of 2592	1300	Unicorn-35716.exe	41
PID 1300 wrote to memory of 2592	1300	Unicorn-35716.exe	41
PID 1300 wrote to memory of 2592	1300	Unicorn-35716.exe	41
PID 2876 wrote to memory of 1816	2876	Unicorn-48181.exe	42
PID 2876 wrote to memory of 1816	2876	Unicorn-48181.exe	42
PID 2876 wrote to memory of 1816	2876	Unicorn-48181.exe	42
PID 2876 wrote to memory of 1816	2876	Unicorn-48181.exe	42
PID 2328 wrote to memory of 704	2328	Unicorn-15850.exe	43
PID 2328 wrote to memory of 704	2328	Unicorn-15850.exe	43
PID 2328 wrote to memory of 704	2328	Unicorn-15850.exe	43
PID 2328 wrote to memory of 704	2328	Unicorn-15850.exe	43
PID 1300 wrote to memory of 1792	1300	Unicorn-35716.exe	44
PID 1300 wrote to memory of 1792	1300	Unicorn-35716.exe	44
PID 1300 wrote to memory of 1792	1300	Unicorn-35716.exe	44
PID 1300 wrote to memory of 1792	1300	Unicorn-35716.exe	44
PID 2328 wrote to memory of 2704	2328	Unicorn-15850.exe	45
PID 2328 wrote to memory of 2704	2328	Unicorn-15850.exe	45
PID 2328 wrote to memory of 2704	2328	Unicorn-15850.exe	45
PID 2328 wrote to memory of 2704	2328	Unicorn-15850.exe	45
PID 588 wrote to memory of 2936	588	Unicorn-34507.exe	46
PID 588 wrote to memory of 2936	588	Unicorn-34507.exe	46
PID 588 wrote to memory of 2936	588	Unicorn-34507.exe	46
PID 588 wrote to memory of 2936	588	Unicorn-34507.exe	46

C:\Users\Admin\AppData\Local\Temp\ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe
"C:\Users\Admin\AppData\Local\Temp\ba1fea62de8a63834f0a3ca74a94fbec301a116b1c539bd77f078fdae83e4b93N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13354.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13354.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8492.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10002.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40706.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22227.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10379.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34277.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30811.exe
        11⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
        12⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 236
        12⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 216
        11⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 216
        10⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32667.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
        10⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20176.exe
        11⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        11⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 216
        10⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 240
        9⤵
        Program crash
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17557.exe
        9⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57349.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56315.exe
        11⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        11⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
        10⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
        9⤵
        Program crash
        
        PID:3464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 240
        8⤵
        Program crash
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59097.exe
        8⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        10⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
        10⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 216
        9⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 236
        8⤵
        Program crash
        
        PID:4076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
        7⤵
        Program crash
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20840.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35268.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38595.exe
        10⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        11⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
        11⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
        10⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 216
        9⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56103.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50089.exe
        9⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26507.exe
        10⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
        10⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 216
        9⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 220
        8⤵
        Program crash
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48075.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        8⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2808.exe
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64571.exe
        10⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        10⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
        9⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
        8⤵
        Program crash
        
        PID:3988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
        7⤵
        Program crash
        
        PID:3048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
        6⤵
        Program crash
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55163.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51796.exe
        8⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36005.exe
        9⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
        10⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        11⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
        11⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
        10⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39351.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52464.exe
        10⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        10⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 220
        9⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24691.exe
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
        9⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
        10⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        10⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
        9⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
        8⤵
        Program crash
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        7⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42637.exe
        8⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33997.exe
        9⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        10⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
        10⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
        9⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 236
        8⤵
        Program crash
        
        PID:3196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
        7⤵
        Program crash
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51370.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44365.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
        10⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
        10⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 216
        9⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
        8⤵
        Program crash
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52464.exe
        9⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        9⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        8⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        7⤵
        Program crash
        
        PID:3560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 240
        6⤵
        Program crash
        
        PID:2836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55674.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56772.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63482.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46539.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53441.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        9⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33037.exe
        10⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37177.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
        11⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 216
        10⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
        9⤵
        Program crash
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46892.exe
        8⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49949.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
        10⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 216
        9⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
        8⤵
        Program crash
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42056.exe
        9⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22107.exe
        10⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 236
        10⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
        9⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 236
        8⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        7⤵
        Program crash
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        8⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33037.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
        10⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        10⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 216
        9⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 236
        8⤵
        Program crash
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14027.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
        8⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        9⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
        9⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
        8⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
        7⤵
        Program crash
        
        PID:3084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        6⤵
        Program crash
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43616.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52564.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
        9⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        10⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
        10⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
        9⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
        8⤵
        Program crash
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30363.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44718.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8136.exe
        9⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 216
        9⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 216
        8⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        7⤵
        Program crash
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50229.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58776.exe
        8⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
        9⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
        9⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 216
        8⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 236
        7⤵
        
        PID:3872
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        6⤵
        Program crash
        
        PID:2856
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        5⤵
        Program crash
        
        PID:2816
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34507.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63617.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
        9⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45683.exe
        10⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exe
        11⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6841.exe
        12⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
        11⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 216
        10⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49362.exe
        9⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
        10⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 240
        9⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16528.exe
        8⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18268.exe
        9⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
        10⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        10⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 236
        9⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
        8⤵
        Program crash
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        8⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8864.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        10⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        10⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 216
        9⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 236
        8⤵
        Program crash
        
        PID:3844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 240
        7⤵
        Program crash
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32729.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38921.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4873.exe
        8⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
        9⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16222.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
        10⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
        9⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        8⤵
        Program crash
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
        8⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53352.exe
        9⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
        9⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 216
        8⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
        7⤵
        Program crash
        
        PID:3076
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
        6⤵
        Program crash
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10944.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26877.exe
        8⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30685.exe
        10⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
        10⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 216
        9⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
        8⤵
        Program crash
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56212.exe
        7⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33229.exe
        8⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29092.exe
        9⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
        9⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 216
        8⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        7⤵
        Program crash
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10887.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5065.exe
        7⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        9⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
        8⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        7⤵
        Program crash
        
        PID:3232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 240
        6⤵
        Program crash
        
        PID:2776
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 240
        5⤵
        Program crash
        
        PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52787.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59357.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
        9⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
        10⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        10⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        9⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
        8⤵
        Program crash
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9492.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        9⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
        9⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 216
        8⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
        7⤵
        Program crash
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64795.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37738.exe
        7⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-269.exe
        9⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
        9⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
        8⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
        7⤵
        Program crash
        
        PID:3116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
        6⤵
        Program crash
        
        PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61609.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        7⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 220
        9⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 216
        8⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
        7⤵
        Program crash
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
        6⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57541.exe
        7⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37177.exe
        8⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        8⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 216
        7⤵
        
        PID:5200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
        6⤵
        Program crash
        
        PID:3800
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
        5⤵
        Program crash
        
        PID:1808
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1164
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15850.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15850.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48181.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18171.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50524.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32730.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38755.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59772.exe
        8⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exe
        10⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
        11⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
        11⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
        10⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37514.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
        10⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        10⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        9⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        9⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
        10⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        10⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
        9⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 408 -s 240
        8⤵
        Program crash
        
        PID:3552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
        7⤵
        Program crash
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27057.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35268.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
        9⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55106.exe
        10⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        10⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 216
        9⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
        8⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
        7⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29092.exe
        9⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        9⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 216
        8⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 240
        7⤵
        
        PID:3892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
        6⤵
        Program crash
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12864.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54899.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14697.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51857.exe
        10⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        10⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
        9⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 236
        8⤵
        Program crash
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16139.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
        8⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7586.exe
        9⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        9⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
        8⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 220
        7⤵
        Program crash
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56435.exe
        6⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
        7⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2808.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23539.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        9⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
        8⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7146.exe
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-269.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
        8⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        7⤵
        
        PID:4660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
        6⤵
        Program crash
        
        PID:1032
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
        5⤵
        Program crash
        
        PID:576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38826.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23493.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46923.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
        7⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17225.exe
        9⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40643.exe
        10⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 216
        10⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
        9⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47411.exe
        8⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
        9⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
        9⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 220
        8⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
        8⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        9⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        8⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 220
        7⤵
        Program crash
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31930.exe
        6⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26109.exe
        7⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
        8⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
        9⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        9⤵
        
        PID:544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 216
        8⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 216
        7⤵
        Program crash
        
        PID:3920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
        6⤵
        Program crash
        
        PID:1540
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 236
        5⤵
        Program crash
        
        PID:2636
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39145.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63067.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27100.exe
        6⤵
        Executes dropped EXE
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25917.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        8⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61611.exe
        9⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 236
        9⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
        8⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
        7⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2206.exe
        7⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        8⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
        8⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
        7⤵
        
        PID:4824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 220
        6⤵
        Program crash
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39906.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17749.exe
        6⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7458.exe
        7⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5713.exe
        8⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 220
        8⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 216
        7⤵
        
        PID:5536
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
        6⤵
        
        PID:4732
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
        5⤵
        Program crash
        
        PID:972
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 236
      4⤵
      Program crash
      PID:1580
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2704
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
  2⤵
  - Program crash
  PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-39145.exe

Filesize
468KB

MD5
37ad4496f566f30fa5050fcbb1e7279f

SHA1
71820332a9dc5c33b237d49f9665594b7bdea076

SHA256
cdf5a85ee8e6533af31f698007e46a9be3a8fd3b48a718cec3e39114e2a27969

SHA512
9c70d2106993474e20cf0fcd4fb060432d8476dd8992233b66a93da722ab1c03ad6d35ecc03a44fe58534ca107c3e7bf2aaf7273c85cf087d28867e08830a653

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe

Filesize
468KB

MD5
db9cc0635b100e558eb47f977e4f9146

SHA1
9f601cf22429e606bfaea6ee8015350a2540170c

SHA256
fbed4095b644fe88b3d47821dad1946d5655d0ac1c58e4ce8d5df6de12bbd983

SHA512
8bb25caf333f081750d470bf2aee76699e99b8ef142fc444523c28fb8e2dd435c79a11408b00048b3f8388634fda532fdaf0a31fd17e21fe8fbc06fc35a4f31e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39906.exe

Filesize
468KB

MD5
69567f4330e3ff92bcf36401a54219d3

SHA1
2bfb9d0fecdf56f80223491e096bec78fc2d2870

SHA256
6e976c37f15a61e3dd1eab880c5eaadef5a43dc109f6fd974a84967b6b7bd3f5

SHA512
66c341a4e8b58137f438e045ede2fee04246f3f362bed762c1ad79113d3dba3285950792a5d44d337c46152a17fab3d1cc29e863aae3f4d8edae2e7adb0094d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55106.exe

Filesize
468KB

MD5
87ba24d5f0ec6923eb0c13993f00fe39

SHA1
682c3d069c8c00644be6c371fef17b46dbd4cd43

SHA256
e26949a436ebf9cc75fa2da78aecc625c6c5a30476010e80a568f2999c5cbe84

SHA512
cb7f34413015ca8dd520e080cea589f6b4b6d32c505a05e00fac3d3c7caa98f45287aa4c5428ff83ff2dc8a66ceedc0bc4f8efccb175147843b2a390442d0eba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe

Filesize
468KB

MD5
05d1e10c4b8accef2c506c889b029a3a

SHA1
cc159294647068a2d11565dba638d72df39a8159

SHA256
a779e957b980ac26e3a7995d417db8d2c711a04f6bcf45a81412501d1b691ae2

SHA512
ff13e55d0d29b72710975084a671b93e2b754eaa2296b1de8e5e80fa004cec875c0373dac8783183816929da87fbbeaddd7a2e6c1267f06be9316c9332d0bd48

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10002.exe

Filesize
468KB

MD5
7cdcd503ccba4f4ca3f38031ed86eec2

SHA1
7c933266e2b5a54d5b4db90f6171c546350690d6

SHA256
5895c73e53ff96d7149b37c2fa8d599a2850fdeaa73f3118f4fef20fe7f112ad

SHA512
7d2034454dac461dd1adc9e031aacc4a30575446bae7d90c006ebbb4021ded13e19b7cb48ad47c793126d76dc94d03cc460b9c4e386bbae8bff96e28676568c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13354.exe

Filesize
468KB

MD5
2c35602fe71a4f4e09877ce67b136c8e

SHA1
5b1734aac643d362f8bba7770644bdb09e7b1a54

SHA256
93110bc0aec51d62ed13ae1f7632a38884a4466604ab784e6aad5828a48be004

SHA512
13bf7c3678e5b0ee639713e21f328ab5f82596762c3cf38a4006a35e7fb774df3ff496036bbb717495cf779024aa802cc6618c2ef20fafe3e97e6a3de01687ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15850.exe

Filesize
468KB

MD5
5cc3885cec98692b48376d1216b83c0b

SHA1
5e91e38a34b2269ad0295010532e583ef8755923

SHA256
eb6e1543b33fb88cbfbf0aa47c25b8c3d559222a29e08e41753c81b9eb63cdbd

SHA512
7ca66431ccc8534886dd5f005fba3282a7885d768a20e4bf5d839f349fa3bcd6c1f43ca32add40777008a2c77c7dfb2c0ae1322a2363dfaf532db1c98157112a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18171.exe

Filesize
468KB

MD5
9e943d3eb9ca8d702d94109b8d1b9dbb

SHA1
8d8b8a810f8ff85019cc6564cbe360a4b1b9ee00

SHA256
2f57ffc4cbebe57f68b86a8c1179450d3fb163806028d5d5ea3456bc4a5e55a0

SHA512
0c7b0196e0f08fa113e1675bec25a8191514d407ff09c4cb6c221408380a7f3ebc30a27883809f40c19e72761764bf6b74b51ede7ed3469f1da382c976cfef09

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34507.exe

Filesize
468KB

MD5
a15c937d15135883cdeebdc6ee664217

SHA1
2e377928d4d3979084ba20e058912700ec9de4ad

SHA256
75360e19e909a6e614723a3fa1cda76b4dfca99439db8f027e059bd847806e10

SHA512
472435ddfce2154256130905a2ed4d176cbf2a972422ce03cec9693e15382c91cce05b4a34bda9b78e4ae4b3af55d1d3c574f33588734fd4e3185152c5337472

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe

Filesize
468KB

MD5
33c6a215e2df52af55f7e0aa921530bd

SHA1
23fbab7932863cd3d402bc2428478ef1f78cb64d

SHA256
73e0e4df4016c8288873c03e0ea2d0791a761356bc0b4df7e79a421716371082

SHA512
f339e2dd35cb2faca523407dcc5c6f17a28553772a590230baa813c63073b2fea612755eb030f4e526b5d82eae10af1ca5ee4b5ad469111fdeb54b04472670a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe

Filesize
468KB

MD5
dcdbf2cdb2ca24e787be4109d6fd443b

SHA1
c9bfd60d1c92d30c69201b5c2fb1046aea5c2da6

SHA256
501eb88b6e2197ea0e46ee11a02a4636c79745dc870010459fe1e872fa792b53

SHA512
0f972c2ac120a32733bba7d2742053992d0b3f713237023f470a75774e96fa051b92f56dcd940de5dabbe6c3311702acab5d312eaf40cba0c34100d03b9811e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe

Filesize
468KB

MD5
af2591e52c4696fb4c0cabcd15ae366e

SHA1
f391594c5c0f9c6624baad0fd8094ce132165cec

SHA256
4090f829a6ed08ae760a2fe7b664cb6c2464ecdf4de728a33cb558631f108db4

SHA512
4e528ce33553d3586b60218c7ab59392250c785e693dc0bc608cfd8d7933cbc58fb08086b7270853c5d1bf6d5cfdd34f120220f03a99d4775b09ccfec597ddf0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48181.exe

Filesize
468KB

MD5
9de8e576becab94910726c4f9616c108

SHA1
b000ff38ab8f7d1fb9051db1b0376ecaa277a344

SHA256
fcc0945b2cda5266965c93b1884749c5dc559cdf36d1e53db37e246b94f3d77b

SHA512
bc987ad5d112a23392edbe83a530fe8ea7439c060586659510bb45ecb007e028d0d01e12be827d0b9843b9215fd46b1898939e1a0ca40b6f78dff63c76893946

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55674.exe

Filesize
468KB

MD5
f8a4ff96ba6f8ef30115ad3bd90fd7f3

SHA1
d21e261a46086828f45f6a11a6aeb6b7dedcd0a5

SHA256
1b043a2dd8221b1848eae04aa5e72b355b221da18adae8576b65fa8102a33413

SHA512
898dedc30133ec4b6c9e72d9ec9684e10defb21932fe907e5454ea611e2211cc05eedbbd881e4aa7c7ceb12d362e4adbce556b6e8c7d1ac60bf6d024a4e2b151

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56772.exe

Filesize
468KB

MD5
a3e06c6079402b7a46f084983c582a7e

SHA1
cb3fb080733d2ac8eff988a55b1b23b9658fcdd9

SHA256
ffe34960d6372a5685a42519a13805d31beb55c334f73548911016a131c00fbe

SHA512
864d0b6dc4d3fe55fd53d6e314cb03cfbf58ed2da383cbde48ddcbeaaa228c2a1e40acf5404592e979e6ce9b2b7db687552d640c52c98c47d8b08778120cd56c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8492.exe

Filesize
468KB

MD5
f38cfbec6f8e1b1d12a98a0ed5606355

SHA1
89e800f73ca1062e7f4b1e40b5841e524c28ef92

SHA256
9e2430b066a163c3765145a5ecc019ea264f344b5afcc9125c5ccdd34c240380

SHA512
ce9f886bb740f284f7d55d7ac00c19b24bf593696bdb4ea911282ff4be9e860b3c8ccf06ddb9d84db53cf52fd97ea5be745e43c285c157eecc0994b339e719a0

Download Submit