3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95

Analysis

max time kernel
115s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 06:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe
Size

468KB
MD5

cc7ac5c5b76c78bbe916cdb886ff8e80
SHA1

6c1e1979c3a27c12d01c26aab2999f2c38434b1a
SHA256

3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95
SHA512

28a352eb07d01a95ca6e1dfd819d88d9517782b050661b93696aad7210cc40ca05329441cc8185f4c6026133c2d7a8d14e7a7771d33f1a8a6f962f7440fac627
SSDEEP

3072:/owDovIuU35/obYJPgH5OfY/45RznIKXLTHdnShorVowmR9r6yli:/ooouJ/oiPu5OfnT17rV1W9r6

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2528	Unicorn-64606.exe
2476	Unicorn-18814.exe
1588	Unicorn-22344.exe
2908	Unicorn-23626.exe
2720	Unicorn-43531.exe
2788	Unicorn-23818.exe
2164	Unicorn-57855.exe
2372	Unicorn-5509.exe
2852	Unicorn-58047.exe
2444	Unicorn-870.exe
980	Unicorn-30397.exe
1768	Unicorn-19641.exe
2216	Unicorn-44015.exe
1648	Unicorn-36169.exe
2584	Unicorn-52375.exe
2800	Unicorn-41296.exe
1940	Unicorn-8431.exe
1904	Unicorn-32936.exe
1068	Unicorn-13070.exe
1448	Unicorn-35850.exe
2284	Unicorn-44210.exe
1492	Unicorn-34973.exe
2500	Unicorn-51309.exe
1756	Unicorn-40872.exe
1644	Unicorn-57209.exe
1508	Unicorn-10468.exe
592	Unicorn-33821.exe
1500	Unicorn-63348.exe
2072	Unicorn-63348.exe
2352	Unicorn-25845.exe
2764	Unicorn-1148.exe
2888	Unicorn-22507.exe
1736	Unicorn-494.exe
2192	Unicorn-21469.exe
2432	Unicorn-50079.exe
2856	Unicorn-13685.exe
1876	Unicorn-33551.exe
1816	Unicorn-20509.exe
2828	Unicorn-24231.exe
2040	Unicorn-46919.exe
1864	Unicorn-13924.exe
2968	Unicorn-41958.exe
2228	Unicorn-58486.exe
2184	Unicorn-42342.exe
1916	Unicorn-4796.exe
876	Unicorn-29300.exe
1140	Unicorn-25046.exe
1336	Unicorn-62357.exe
2604	Unicorn-16686.exe
2276	Unicorn-46213.exe
1780	Unicorn-19649.exe
2488	Unicorn-40623.exe
2420	Unicorn-3120.exe
2728	Unicorn-46016.exe
1412	Unicorn-15159.exe
2096	Unicorn-21704.exe
1120	Unicorn-2030.exe
1892	Unicorn-46400.exe
2016	Unicorn-64848.exe
2820	Unicorn-53343.exe
1948	Unicorn-24200.exe
2816	Unicorn-61895.exe
3060	Unicorn-64080.exe
2128	Unicorn-6711.exe

Loads dropped DLL 64 IoCs

pid	Process
2096	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe
2096	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe
2528	Unicorn-64606.exe
2096	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe
2528	Unicorn-64606.exe
2096	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe
1588	Unicorn-22344.exe
1588	Unicorn-22344.exe
2528	Unicorn-64606.exe
2476	Unicorn-18814.exe
2528	Unicorn-64606.exe
2476	Unicorn-18814.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe
2908	Unicorn-23626.exe
2908	Unicorn-23626.exe
1588	Unicorn-22344.exe
1588	Unicorn-22344.exe
2720	Unicorn-43531.exe
2720	Unicorn-43531.exe
2788	Unicorn-23818.exe
2788	Unicorn-23818.exe
2476	Unicorn-18814.exe
2476	Unicorn-18814.exe
2028	WerFault.exe
2028	WerFault.exe
2028	WerFault.exe
2028	WerFault.exe
2028	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
1072	WerFault.exe
2164	Unicorn-57855.exe
2164	Unicorn-57855.exe
1072	WerFault.exe
2908	Unicorn-23626.exe
2908	Unicorn-23626.exe
2852	Unicorn-58047.exe
2852	Unicorn-58047.exe
2720	Unicorn-43531.exe
2720	Unicorn-43531.exe
2372	Unicorn-5509.exe
2372	Unicorn-5509.exe
2444	Unicorn-870.exe
2444	Unicorn-870.exe
2788	Unicorn-23818.exe
2788	Unicorn-23818.exe
980	Unicorn-30397.exe
980	Unicorn-30397.exe
1692	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
1444	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2904	2096	WerFault.exe	29
2684	2528	WerFault.exe	30
2028	1588	WerFault.exe	32
1072	2476	WerFault.exe	33
1692	2908	WerFault.exe	35
2248	2720	WerFault.exe	36
1444	2788	WerFault.exe	37
2224	2164	WerFault.exe	39
2912	2852	WerFault.exe	41
2920	2372	WerFault.exe	40
2624	2444	WerFault.exe	42
2792	980	WerFault.exe	43
1752	2072	WerFault.exe	66
1040	1500	WerFault.exe	65
596	2584	WerFault.exe	49
2252	2216	WerFault.exe	47
2364	1940	WerFault.exe	51
1880	1648	WerFault.exe	48
1716	1904	WerFault.exe	53
3064	2800	WerFault.exe	50
2884	1068	WerFault.exe	52
1432	1768	WerFault.exe	46
1224	2284	WerFault.exe	58
2156	2500	WerFault.exe	60
2348	1756	WerFault.exe	61
1160	1448	WerFault.exe	57
1328	1492	WerFault.exe	59
1204	2432	WerFault.exe	77
2220	2856	WerFault.exe	78
292	2828	WerFault.exe	81
2964	2192	WerFault.exe	76
988	2888	WerFault.exe	69
1212	1816	WerFault.exe	80
2260	2040	WerFault.exe	83
2524	1736	WerFault.exe	75
2004	1916	WerFault.exe	88
2212	1508	WerFault.exe	63
2528	2276	WerFault.exe	94
2516	2604	WerFault.exe	93
3080	1336	WerFault.exe	92
3124	2124	WerFault.exe	122
3184	1876	WerFault.exe	79
3192	2968	WerFault.exe	85
3208	2764	WerFault.exe	68
3236	1644	WerFault.exe	62
3252	2184	WerFault.exe	87
3276	592	WerFault.exe	64
3308	2352	WerFault.exe	67
3336	2096	WerFault.exe	107
3364	2228	WerFault.exe	86
3420	3060	WerFault.exe	115
3460	1120	WerFault.exe	109
3600	2488	WerFault.exe	100
3732	1140	WerFault.exe	91
4004	1864	WerFault.exe	84
4064	1948	WerFault.exe	113
4056	876	WerFault.exe	89
4072	2128	WerFault.exe	116
3108	2820	WerFault.exe	112
3228	1412	WerFault.exe	106
3800	2016	WerFault.exe	111
3820	1892	WerFault.exe	110
3888	2728	WerFault.exe	104
3936	2816	WerFault.exe	114

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6711.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40386.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40872.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43661.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3396.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43386.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17600.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2096	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe
2528	Unicorn-64606.exe
1588	Unicorn-22344.exe
2476	Unicorn-18814.exe
2908	Unicorn-23626.exe
2720	Unicorn-43531.exe
2788	Unicorn-23818.exe
2164	Unicorn-57855.exe
2372	Unicorn-5509.exe
2852	Unicorn-58047.exe
980	Unicorn-30397.exe
2444	Unicorn-870.exe
1768	Unicorn-19641.exe
1648	Unicorn-36169.exe
2216	Unicorn-44015.exe
2584	Unicorn-52375.exe
2800	Unicorn-41296.exe
1940	Unicorn-8431.exe
1068	Unicorn-13070.exe
1904	Unicorn-32936.exe
1448	Unicorn-35850.exe
2284	Unicorn-44210.exe
1492	Unicorn-34973.exe
2500	Unicorn-51309.exe
1756	Unicorn-40872.exe
1644	Unicorn-57209.exe
592	Unicorn-33821.exe
1508	Unicorn-10468.exe
1500	Unicorn-63348.exe
2072	Unicorn-63348.exe
2352	Unicorn-25845.exe
2764	Unicorn-1148.exe
2888	Unicorn-22507.exe
1736	Unicorn-494.exe
2192	Unicorn-21469.exe
2432	Unicorn-50079.exe
2856	Unicorn-13685.exe
1876	Unicorn-33551.exe
1816	Unicorn-20509.exe
2828	Unicorn-24231.exe
2040	Unicorn-46919.exe
1864	Unicorn-13924.exe
2968	Unicorn-41958.exe
2228	Unicorn-58486.exe
2184	Unicorn-42342.exe
1916	Unicorn-4796.exe
876	Unicorn-29300.exe
1140	Unicorn-25046.exe
1336	Unicorn-62357.exe
2604	Unicorn-16686.exe
2276	Unicorn-46213.exe
1780	Unicorn-19649.exe
2488	Unicorn-40623.exe
2420	Unicorn-3120.exe
2728	Unicorn-46016.exe
1412	Unicorn-15159.exe
2096	Unicorn-21704.exe
1120	Unicorn-2030.exe
1892	Unicorn-46400.exe
2016	Unicorn-64848.exe
2820	Unicorn-53343.exe
1948	Unicorn-24200.exe
2816	Unicorn-61895.exe
3060	Unicorn-64080.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2528	2096	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe	30
PID 2096 wrote to memory of 2528	2096	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe	30
PID 2096 wrote to memory of 2528	2096	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe	30
PID 2096 wrote to memory of 2528	2096	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe	30
PID 2528 wrote to memory of 1588	2528	Unicorn-64606.exe	32
PID 2528 wrote to memory of 1588	2528	Unicorn-64606.exe	32
PID 2528 wrote to memory of 1588	2528	Unicorn-64606.exe	32
PID 2528 wrote to memory of 1588	2528	Unicorn-64606.exe	32
PID 2096 wrote to memory of 2476	2096	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe	33
PID 2096 wrote to memory of 2476	2096	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe	33
PID 2096 wrote to memory of 2476	2096	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe	33
PID 2096 wrote to memory of 2476	2096	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe	33
PID 2096 wrote to memory of 2904	2096	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe	34
PID 2096 wrote to memory of 2904	2096	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe	34
PID 2096 wrote to memory of 2904	2096	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe	34
PID 2096 wrote to memory of 2904	2096	3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe	34
PID 1588 wrote to memory of 2908	1588	Unicorn-22344.exe	35
PID 1588 wrote to memory of 2908	1588	Unicorn-22344.exe	35
PID 1588 wrote to memory of 2908	1588	Unicorn-22344.exe	35
PID 1588 wrote to memory of 2908	1588	Unicorn-22344.exe	35
PID 2528 wrote to memory of 2720	2528	Unicorn-64606.exe	36
PID 2528 wrote to memory of 2720	2528	Unicorn-64606.exe	36
PID 2528 wrote to memory of 2720	2528	Unicorn-64606.exe	36
PID 2528 wrote to memory of 2720	2528	Unicorn-64606.exe	36
PID 2476 wrote to memory of 2788	2476	Unicorn-18814.exe	37
PID 2476 wrote to memory of 2788	2476	Unicorn-18814.exe	37
PID 2476 wrote to memory of 2788	2476	Unicorn-18814.exe	37
PID 2476 wrote to memory of 2788	2476	Unicorn-18814.exe	37
PID 2528 wrote to memory of 2684	2528	Unicorn-64606.exe	38
PID 2528 wrote to memory of 2684	2528	Unicorn-64606.exe	38
PID 2528 wrote to memory of 2684	2528	Unicorn-64606.exe	38
PID 2528 wrote to memory of 2684	2528	Unicorn-64606.exe	38
PID 2908 wrote to memory of 2164	2908	Unicorn-23626.exe	39
PID 2908 wrote to memory of 2164	2908	Unicorn-23626.exe	39
PID 2908 wrote to memory of 2164	2908	Unicorn-23626.exe	39
PID 2908 wrote to memory of 2164	2908	Unicorn-23626.exe	39
PID 1588 wrote to memory of 2372	1588	Unicorn-22344.exe	40
PID 1588 wrote to memory of 2372	1588	Unicorn-22344.exe	40
PID 1588 wrote to memory of 2372	1588	Unicorn-22344.exe	40
PID 1588 wrote to memory of 2372	1588	Unicorn-22344.exe	40
PID 2720 wrote to memory of 2852	2720	Unicorn-43531.exe	41
PID 2720 wrote to memory of 2852	2720	Unicorn-43531.exe	41
PID 2720 wrote to memory of 2852	2720	Unicorn-43531.exe	41
PID 2720 wrote to memory of 2852	2720	Unicorn-43531.exe	41
PID 2788 wrote to memory of 2444	2788	Unicorn-23818.exe	42
PID 2788 wrote to memory of 2444	2788	Unicorn-23818.exe	42
PID 2788 wrote to memory of 2444	2788	Unicorn-23818.exe	42
PID 2788 wrote to memory of 2444	2788	Unicorn-23818.exe	42
PID 2476 wrote to memory of 980	2476	Unicorn-18814.exe	43
PID 2476 wrote to memory of 980	2476	Unicorn-18814.exe	43
PID 2476 wrote to memory of 980	2476	Unicorn-18814.exe	43
PID 2476 wrote to memory of 980	2476	Unicorn-18814.exe	43
PID 1588 wrote to memory of 2028	1588	Unicorn-22344.exe	44
PID 1588 wrote to memory of 2028	1588	Unicorn-22344.exe	44
PID 1588 wrote to memory of 2028	1588	Unicorn-22344.exe	44
PID 1588 wrote to memory of 2028	1588	Unicorn-22344.exe	44
PID 2476 wrote to memory of 1072	2476	Unicorn-18814.exe	45
PID 2476 wrote to memory of 1072	2476	Unicorn-18814.exe	45
PID 2476 wrote to memory of 1072	2476	Unicorn-18814.exe	45
PID 2476 wrote to memory of 1072	2476	Unicorn-18814.exe	45
PID 2164 wrote to memory of 1768	2164	Unicorn-57855.exe	46
PID 2164 wrote to memory of 1768	2164	Unicorn-57855.exe	46
PID 2164 wrote to memory of 1768	2164	Unicorn-57855.exe	46
PID 2164 wrote to memory of 1768	2164	Unicorn-57855.exe	46

C:\Users\Admin\AppData\Local\Temp\3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe
"C:\Users\Admin\AppData\Local\Temp\3f9b1e4bae4df87164d722ebc7cf4d605a896ca93ea40f00ead0e81670dfec95N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23626.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57855.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1148.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11994.exe
        9⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60723.exe
        10⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43661.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:4504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
        11⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 216
        10⤵
        
        PID:3100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
        9⤵
        Program crash
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23090.exe
        9⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43661.exe
        10⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        11⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
        10⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 236
        9⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
        8⤵
        Program crash
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46213.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
        8⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3162.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2244.exe
        10⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4483.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        10⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 236
        9⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
        8⤵
        Program crash
        
        PID:2528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
        7⤵
        Program crash
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22507.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61895.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62033.exe
        10⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
        10⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 216
        9⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
        8⤵
        Program crash
        
        PID:3936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
        7⤵
        Program crash
        
        PID:988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
        6⤵
        Program crash
        
        PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44015.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44210.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10572.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47101.exe
        10⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        11⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26243.exe
        12⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        11⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 236
        10⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
        9⤵
        Program crash
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50515.exe
        8⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65274.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33573.exe
        10⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        10⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 216
        9⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
        8⤵
        Program crash
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25181.exe
        8⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61813.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        11⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 236
        11⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        10⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 216
        9⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 236
        8⤵
        Program crash
        
        PID:3460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
        7⤵
        Program crash
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20509.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
        8⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
        9⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28039.exe
        10⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42537.exe
        11⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        10⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 216
        9⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
        8⤵
        Program crash
        
        PID:4064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 236
        7⤵
        Program crash
        
        PID:1212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
        6⤵
        Program crash
        
        PID:2252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41296.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33821.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58486.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33458.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61429.exe
        9⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40236.exe
        10⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12599.exe
        11⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        10⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 216
        9⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
        8⤵
        Program crash
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6960.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30613.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52672.exe
        10⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        9⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 216
        8⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
        7⤵
        Program crash
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14817.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52021.exe
        9⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31842.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
        9⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 216
        8⤵
        
        PID:3728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 216
        7⤵
        Program crash
        
        PID:2004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        6⤵
        Program crash
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2072
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 244
        6⤵
        Program crash
        
        PID:1752
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
        5⤵
        Program crash
        
        PID:2920
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58047.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36169.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33458.exe
        8⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47786.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14166.exe
        11⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        10⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 216
        9⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 216
        8⤵
        Program crash
        
        PID:3252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 216
        7⤵
        Program crash
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58215.exe
        9⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
        9⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 216
        8⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
        7⤵
        Program crash
        
        PID:4056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        6⤵
        Program crash
        
        PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57209.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        7⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        9⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 216
        8⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
        7⤵
        Program crash
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        7⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27901.exe
        8⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42828.exe
        9⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
        8⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
        7⤵
        
        PID:3792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        6⤵
        Program crash
        
        PID:3236
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
        5⤵
        Program crash
        
        PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35850.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50168.exe
        8⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13206.exe
        10⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
        9⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 216
        8⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
        7⤵
        Program crash
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40623.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5227.exe
        7⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16972.exe
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        9⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
        9⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 216
        8⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 216
        7⤵
        Program crash
        
        PID:3600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
        6⤵
        Program crash
        
        PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21469.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3120.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38835.exe
        8⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15126.exe
        9⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
        8⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 216
        7⤵
        
        PID:3944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 236
        6⤵
        Program crash
        
        PID:2964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
        5⤵
        Program crash
        
        PID:596
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2248
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18814.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18814.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-870.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34973.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64838.exe
        9⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62033.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
        11⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 216
        10⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 216
        9⤵
        Program crash
        
        PID:3888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        8⤵
        Program crash
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15159.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52036.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10731.exe
        11⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        10⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 216
        9⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 236
        8⤵
        Program crash
        
        PID:3228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
        7⤵
        Program crash
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13685.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46400.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8045.exe
        8⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65456.exe
        9⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        10⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
        10⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 216
        9⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 236
        8⤵
        Program crash
        
        PID:3820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
        7⤵
        Program crash
        
        PID:2220
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
        6⤵
        Program crash
        
        PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40872.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24231.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64848.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16406.exe
        8⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24232.exe
        9⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:6088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 236
        10⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
        9⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
        8⤵
        Program crash
        
        PID:3800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
        7⤵
        Program crash
        
        PID:292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54428.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51455.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57416.exe
        9⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        9⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
        8⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 216
        7⤵
        Program crash
        
        PID:3108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
        6⤵
        Program crash
        
        PID:2348
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        5⤵
        Program crash
        
        PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13070.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53603.exe
        7⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 200
        8⤵
        Program crash
        
        PID:3124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 236
        7⤵
        Program crash
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        8⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
        8⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
        7⤵
        
        PID:4128
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
        6⤵
        Program crash
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62357.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        6⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        8⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        8⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
        7⤵
        
        PID:4084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 216
        6⤵
        Program crash
        
        PID:3080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
        5⤵
        Program crash
        
        PID:2884
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32936.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10468.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46919.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6711.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33017.exe
        8⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11460.exe
        9⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
        10⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        9⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 216
        8⤵
        Program crash
        
        PID:4072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
        7⤵
        Program crash
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35361.exe
        6⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25555.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43386.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13258.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
        8⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
        7⤵
        
        PID:3284
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
        6⤵
        Program crash
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13924.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10956.exe
        7⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20589.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        9⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
        10⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 236
        9⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 216
        8⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 236
        7⤵
        Program crash
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9482.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57319.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        8⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
        9⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        8⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 216
        7⤵
        
        PID:3516
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 220
        6⤵
        Program crash
        
        PID:4004
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 240
        5⤵
        Program crash
        
        PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1500
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 244
        5⤵
        Program crash
        
        PID:1040
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
      4⤵
      Program crash
      PID:2792
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1072
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
  2⤵
  - Program crash
  PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18814.exe

Filesize
468KB

MD5
8513aaa2849634f84cba3ded0c3032b5

SHA1
76bec54f03e1ee3ceab754a46c8a8b260e818cdb

SHA256
3ea37e801bfed974cebb045759b1e6a077b2343f3974c0c941caca95290258ad

SHA512
825e2ae079f31607a31116ed1b5a995a3c896d6dde3a3ad6ee92a32c3333b31a9f21f9b6bdd7143c56c4bcbf841c523035929ae823682fbb9e33a70b2d5ac991

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe

Filesize
468KB

MD5
63a777a5307b6056214fe8c9d3cdaa0e

SHA1
ec208354e75f99402b22faee134bfd9f1bf73433

SHA256
30a3f09f0f9ad868940d23ad8417bca5112290a5cee6fa24d22999df22b1bb23

SHA512
9ec5129ed86653f90688677039acdafc6ff8df700bdfbb60e5073f4157010cc263ce69d694d691d1ed2c8c47d4f60635ae182aa13a0519bdf5d30e65520cf666

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe

Filesize
468KB

MD5
308632be6d821f74a4828593da22950e

SHA1
2f5f90b22ea5d6ee18efd41113f94ff647dd36a7

SHA256
25da67938c849ebd96edf88a9aeeb7ff50ba95819610aea14c00ce21f624a335

SHA512
0bdfea64286a1b82c6f43b052ac2e8a7fb0c287a6e0e3d684ae08a69f691ff060ff374aad5726676ccbf7931595c9a4a2cee04cb4b08401f5da8a3f6771ec586

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe

Filesize
468KB

MD5
ea6bfb46524aa37ae5c33a558403f5c7

SHA1
4a334299a4f195683abe84ad5b4366d910110c02

SHA256
966df2f78d7fb515fba424dd676d22268df50d53dadea01b4b166e2ae91dd381

SHA512
419cef61c0311de279f760fdc4bf0b3217c20dce3aae73872decb55bad14ebc2ca26f2e287c8e4bdb43c4c90ccaa7c0d55435f8028614ab3e1974360da7cc30f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe

Filesize
468KB

MD5
373f975bbd315cbc3a298b463e419580

SHA1
3221a3e6a27de1dc58394f2a1c71e2e32cbc9c32

SHA256
66a1cc86af5852c3d4413ffcafd952eb1f58c78c154432a14fcca18add8129c0

SHA512
4b5416ce2d2b2d3d97464f86335b5fa24aadc431422aff613af91515b0bc8b2a2989e7788a68e41e150c870f7df1af864d255d65b0ab049ed483429e3cdefe4f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23626.exe

Filesize
468KB

MD5
fa3da4e8cc8a34ed5977f16f15873627

SHA1
93247d98b2b5806b8e5d6fcda05fbb7e67f7bf5d

SHA256
0e54c689fe6ab64ccabe1b70d9175f4f9a1ffb3b8f87bce7bf713bb304ae1199

SHA512
a12ba0d645379ad031bb2f7989e572765b031c70bb12185777d75f797e69a722df129e734ff939ebed14b90fb1de7e045ceb6f2fd5a7562924bedae331579f5c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36169.exe

Filesize
468KB

MD5
bab2140b8f74eb2637c746bb89fbc312

SHA1
7541934bfe052b94d2dfb1afa192973fdcacc148

SHA256
3f8bc12796774b9b1c0d099037f10e926ccfc0cea5ee4a7b92fb15734cf2e796

SHA512
6be795f87c24e49112816487a20e70063057a8755c3c3faacea5389c5e3533e82930d96dbb8e266b98065b69631e0fc0162e0066df2e205b9eb5f57268d73bbc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe

Filesize
468KB

MD5
233ef59b750591e09fd89432a98c399d

SHA1
70c47ba6dc9d860c2368ccc1f866d76ae02465e8

SHA256
1ff9a4a61a9a07a512db1b06e73969f02e802935217fb04e2c42a9fce9131cd3

SHA512
5208cefa0896e765d7f50ecc633b431c74d4f93d07cd07fedd8cc557f68415b081690879551096708ee7090393e07f88acad7def7d5af072093fe28210c94c70

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44015.exe

Filesize
468KB

MD5
03f89ac9bae669dd9cc7d996311f19c9

SHA1
83c39a9807b47fbb3aa72f2b8ef84c6ee6975697

SHA256
5933919eaa05feb95b037ff6362dbf8d7ca4450ca6dc834200816c3e632bdaef

SHA512
b8c3d37b6e15f150ab6842263de051c4650e7bcb492cce18882f39e1fb78fc5613e9893af91a6dcf47fd2fae86eefd487d487228a5c0dbbaa4fb995995faa0b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe

Filesize
468KB

MD5
edcd2df1d827c54b7f8db2efeb87fc76

SHA1
3ef6d7d6213bffe2bdbbc9054120fb250913f336

SHA256
c8d11f6d1e9a2c3f3a8a4828e60e20e9d3cd94bf5330caf5394ab934cd47d41b

SHA512
daca6c08109418f6148e92d0fa4dc4954cba523a3f6a27557e9552b8deca4bc69f6b2bc5cf63341f53c3d8131ac6164ffe856098552e8eb6f1854530c7778647

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57855.exe

Filesize
468KB

MD5
d6cc823fbc163155d66e76d7f012ef89

SHA1
8b8b39501ff34d07ce644c0a736a3d28ce0ed2c1

SHA256
be1cc2282d2bac5de18811a60435652f14f1b412f7e1157f4c5ad2d6865c968f

SHA512
f04c5ef5f351146ccc7ba6f8f910c3c81b4ad249607923e7c8c1b479f31dd1c8e80938c1a04dfe0cd7e67346d378eae4499ed1e60552ab729a417bd1a6c3fee2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58047.exe

Filesize
468KB

MD5
370633a18c684df6e48b346e4142b3ca

SHA1
d4bfb29bb21069ba5dc1335c48f468ed84238674

SHA256
dd3a2fc0dafa7e9e82c1296b2cc2cd67dfa6ba6ba9c5f182c59f052359659359

SHA512
5cd4122c1a441d7f8ea44ff9186bb349c0e87fecf8fc63d01a240cc25d74ae1a7673d65e2df3ba462a35d5993378799735574a684237181b8e49b9c817ea56fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe

Filesize
468KB

MD5
149dfbda7d362ffff5d5e8dd99a2a97f

SHA1
d48397955752bdc88052d1067b806b1cf9e61d84

SHA256
742026dbb44488c17c8857366a20e7d62f06f6f3d1a9a4f3528f6e93adbed580

SHA512
fff0c53adde51c152f0a8a46da87fb65012ab76d00f44ce1a1b128dbc8cc4a12a8ee392a78358c39d88279e0a2b03854a77a2b5cde9989810ce27e347104acfb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-870.exe

Filesize
468KB

MD5
2e8107e676e4024b180aa4d5aeb027d3

SHA1
19de6eac7d5f4563e1b287775408133937b71cb7

SHA256
197493b5f97cda288bc5ff49b0c1c096d96210b1a18bb15d46308f3fb8391f27

SHA512
fd5b97401bb6e8c549cc7d50ffc79e57563a7a69c630fec82c351175e397beb29a972732db9384d3995c5a1b9111ed0bd2cd2ccde1cdf18b652ce1c1a104708d

Download Submit