90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe
Size

468KB
MD5

963142e3208fb65d92637ea8d49c8fe2
SHA1

a98c082e52c9a78396dda71c95d220aa931b38bf
SHA256

90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913
SHA512

6f88ff181b11578c07e372005099a0f30c198ac39ff87ceaf780781b0b897059f37544498ebb2e4b4464f2bcd183aafffcc473e52ec08ba96e048270b6888b47
SSDEEP

3072:1GGiogISIE5TtbY2HzcOqf8/zCcaP0pMJVHeTVaXn7nLR7qgAklue:1GvobMTtxH4OqfVYNSn7LVqgAw

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2144	Unicorn-14998.exe
3040	Unicorn-60066.exe
2536	Unicorn-32032.exe
2964	Unicorn-15801.exe
2828	Unicorn-26006.exe
2900	Unicorn-62863.exe
2780	Unicorn-42997.exe
1920	Unicorn-23559.exe
2036	Unicorn-31462.exe
324	Unicorn-46672.exe
2412	Unicorn-11206.exe
2552	Unicorn-31727.exe
2548	Unicorn-5084.exe
2280	Unicorn-17337.exe
1124	Unicorn-26059.exe
2468	Unicorn-44254.exe
2108	Unicorn-17612.exe
2496	Unicorn-21696.exe
1256	Unicorn-32556.exe
108	Unicorn-60901.exe
1964	Unicorn-55036.exe
968	Unicorn-41300.exe
1448	Unicorn-61166.exe
2008	Unicorn-61166.exe
1620	Unicorn-46014.exe
1564	Unicorn-35078.exe
2952	Unicorn-54944.exe
1748	Unicorn-15949.exe
1648	Unicorn-22080.exe
2720	Unicorn-11114.exe
2980	Unicorn-44877.exe
1628	Unicorn-2837.exe
1636	Unicorn-43123.exe
2872	Unicorn-4783.exe
2140	Unicorn-59459.exe
2164	Unicorn-5188.exe
2764	Unicorn-50860.exe
2816	Unicorn-64595.exe
2364	Unicorn-37538.exe
2228	Unicorn-19064.exe
2516	Unicorn-27232.exe
1060	Unicorn-32708.exe
2244	Unicorn-15410.exe
2432	Unicorn-55074.exe
1688	Unicorn-10460.exe
1264	Unicorn-51658.exe
3008	Unicorn-16756.exe
2604	Unicorn-61772.exe
472	Unicorn-2365.exe
2320	Unicorn-15172.exe
1884	Unicorn-35038.exe
1712	Unicorn-35038.exe
876	Unicorn-46475.exe
1832	Unicorn-60210.exe
2072	Unicorn-31530.exe
1960	Unicorn-10155.exe
1080	Unicorn-62640.exe
1736	Unicorn-64586.exe
2744	Unicorn-53465.exe
576	Unicorn-46423.exe
2272	Unicorn-46688.exe
1660	Unicorn-10294.exe
432	Unicorn-60393.exe
1684	Unicorn-60393.exe

Loads dropped DLL 64 IoCs

pid	Process
3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe
3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe
2144	Unicorn-14998.exe
2144	Unicorn-14998.exe
3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe
3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe
3040	Unicorn-60066.exe
3040	Unicorn-60066.exe
2536	Unicorn-32032.exe
3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe
2144	Unicorn-14998.exe
3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe
2536	Unicorn-32032.exe
2144	Unicorn-14998.exe
2964	Unicorn-15801.exe
2964	Unicorn-15801.exe
3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe
3040	Unicorn-60066.exe
2828	Unicorn-26006.exe
3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe
2780	Unicorn-42997.exe
2900	Unicorn-62863.exe
2144	Unicorn-14998.exe
2536	Unicorn-32032.exe
2780	Unicorn-42997.exe
2900	Unicorn-62863.exe
3040	Unicorn-60066.exe
2144	Unicorn-14998.exe
2828	Unicorn-26006.exe
2536	Unicorn-32032.exe
1920	Unicorn-23559.exe
1920	Unicorn-23559.exe
2412	Unicorn-11206.exe
2552	Unicorn-31727.exe
2412	Unicorn-11206.exe
2552	Unicorn-31727.exe
2964	Unicorn-15801.exe
2964	Unicorn-15801.exe
2144	Unicorn-14998.exe
2144	Unicorn-14998.exe
3040	Unicorn-60066.exe
2828	Unicorn-26006.exe
3040	Unicorn-60066.exe
2828	Unicorn-26006.exe
2280	Unicorn-17337.exe
324	Unicorn-46672.exe
2280	Unicorn-17337.exe
324	Unicorn-46672.exe
3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe
3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe
2900	Unicorn-62863.exe
2900	Unicorn-62863.exe
1124	Unicorn-26059.exe
1124	Unicorn-26059.exe
1972	WerFault.exe
1972	WerFault.exe
1972	WerFault.exe
1972	WerFault.exe
2536	Unicorn-32032.exe
2548	Unicorn-5084.exe
2780	Unicorn-42997.exe
2536	Unicorn-32032.exe
2548	Unicorn-5084.exe
2780	Unicorn-42997.exe

Program crash 63 IoCs

pid	pid_target	Process	procid_target
1972	2036	WerFault.exe	38
2924	2108	WerFault.exe	47
2796	2952	WerFault.exe	57
2296	1648	WerFault.exe	59
2600	1964	WerFault.exe	51
2800	1960	WerFault.exe	90
972	472	WerFault.exe	83
532	3028	WerFault.exe	99
2188	2364	WerFault.exe	73
2276	2604	WerFault.exe	82
1936	1628	WerFault.exe	62
676	1920	WerFault.exe	37
2264	1832	WerFault.exe	88
1304	1796	WerFault.exe	122
1704	576	WerFault.exe	94
3684	968	WerFault.exe	52
3832	2016	WerFault.exe	104
3232	1684	WerFault.exe	97
3776	1080	WerFault.exe	91
3844	1688	WerFault.exe	79
3876	1640	WerFault.exe	124
3840	3036	WerFault.exe	154
3664	2244	WerFault.exe	76
3892	2008	WerFault.exe	53
3864	2280	WerFault.exe	42
3872	2980	WerFault.exe	61
3624	2252	WerFault.exe	101
3748	1564	WerFault.exe	56
3912	2064	WerFault.exe	103
3916	2828	WerFault.exe	35
3988	324	WerFault.exe	39
4036	2516	WerFault.exe	74
3976	2816	WerFault.exe	71
3120	1524	WerFault.exe	118
3116	2580	WerFault.exe	108
3356	2640	WerFault.exe	112
1092	2676	WerFault.exe	138
4244	1620	WerFault.exe	55
4312	108	WerFault.exe	50
4356	1660	WerFault.exe	96
4364	1124	WerFault.exe	44
4392	2432	WerFault.exe	77
4348	2900	WerFault.exe	34
4336	1712	WerFault.exe	86
4328	2744	WerFault.exe	93
4304	2548	WerFault.exe	41
4268	2040	WerFault.exe	107
4256	884	WerFault.exe	109
4476	1064	WerFault.exe	120
4488	2720	WerFault.exe	60
4676	1636	WerFault.exe	63
5008	2320	WerFault.exe	84
5000	1264	WerFault.exe	80
1692	3008	WerFault.exe	81
4576	1448	WerFault.exe	54
4708	2072	WerFault.exe	89
5140	2272	WerFault.exe	95
1908	804	WerFault.exe	128
5364	2644	WerFault.exe	143
5444	2920	WerFault.exe	127
5736	2764	WerFault.exe	70
6448	2172	WerFault.exe	126
6508	2376	WerFault.exe	106

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11031.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13426.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26922.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48716.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19490.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46014.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18480.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32232.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33616.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15032.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24571.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe
2144	Unicorn-14998.exe
3040	Unicorn-60066.exe
2536	Unicorn-32032.exe
2964	Unicorn-15801.exe
2780	Unicorn-42997.exe
2828	Unicorn-26006.exe
2900	Unicorn-62863.exe
1920	Unicorn-23559.exe
2036	Unicorn-31462.exe
324	Unicorn-46672.exe
2412	Unicorn-11206.exe
2280	Unicorn-17337.exe
2552	Unicorn-31727.exe
1124	Unicorn-26059.exe
2548	Unicorn-5084.exe
2468	Unicorn-44254.exe
1256	Unicorn-32556.exe
2108	Unicorn-17612.exe
2496	Unicorn-21696.exe
108	Unicorn-60901.exe
968	Unicorn-41300.exe
1964	Unicorn-55036.exe
1448	Unicorn-61166.exe
2008	Unicorn-61166.exe
1620	Unicorn-46014.exe
2952	Unicorn-54944.exe
1564	Unicorn-35078.exe
1648	Unicorn-22080.exe
1748	Unicorn-15949.exe
2720	Unicorn-11114.exe
2980	Unicorn-44877.exe
1636	Unicorn-43123.exe
2140	Unicorn-59459.exe
2872	Unicorn-4783.exe
1628	Unicorn-2837.exe
2164	Unicorn-5188.exe
2228	Unicorn-19064.exe
2764	Unicorn-50860.exe
2364	Unicorn-37538.exe
2816	Unicorn-64595.exe
2244	Unicorn-15410.exe
1060	Unicorn-32708.exe
2516	Unicorn-27232.exe
2432	Unicorn-55074.exe
1264	Unicorn-51658.exe
2604	Unicorn-61772.exe
1688	Unicorn-10460.exe
3008	Unicorn-16756.exe
472	Unicorn-2365.exe
2320	Unicorn-15172.exe
1712	Unicorn-35038.exe
1884	Unicorn-35038.exe
876	Unicorn-46475.exe
2072	Unicorn-31530.exe
1832	Unicorn-60210.exe
1960	Unicorn-10155.exe
1736	Unicorn-64586.exe
1080	Unicorn-62640.exe
2744	Unicorn-53465.exe
2272	Unicorn-46688.exe
576	Unicorn-46423.exe
1660	Unicorn-10294.exe
1684	Unicorn-60393.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2144	3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe	30
PID 3012 wrote to memory of 2144	3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe	30
PID 3012 wrote to memory of 2144	3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe	30
PID 3012 wrote to memory of 2144	3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe	30
PID 2144 wrote to memory of 3040	2144	Unicorn-14998.exe	31
PID 2144 wrote to memory of 3040	2144	Unicorn-14998.exe	31
PID 2144 wrote to memory of 3040	2144	Unicorn-14998.exe	31
PID 2144 wrote to memory of 3040	2144	Unicorn-14998.exe	31
PID 3012 wrote to memory of 2536	3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe	32
PID 3012 wrote to memory of 2536	3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe	32
PID 3012 wrote to memory of 2536	3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe	32
PID 3012 wrote to memory of 2536	3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe	32
PID 3040 wrote to memory of 2964	3040	Unicorn-60066.exe	33
PID 3040 wrote to memory of 2964	3040	Unicorn-60066.exe	33
PID 3040 wrote to memory of 2964	3040	Unicorn-60066.exe	33
PID 3040 wrote to memory of 2964	3040	Unicorn-60066.exe	33
PID 3012 wrote to memory of 2828	3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe	35
PID 3012 wrote to memory of 2828	3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe	35
PID 3012 wrote to memory of 2828	3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe	35
PID 3012 wrote to memory of 2828	3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe	35
PID 2536 wrote to memory of 2900	2536	Unicorn-32032.exe	34
PID 2536 wrote to memory of 2900	2536	Unicorn-32032.exe	34
PID 2536 wrote to memory of 2900	2536	Unicorn-32032.exe	34
PID 2536 wrote to memory of 2900	2536	Unicorn-32032.exe	34
PID 2144 wrote to memory of 2780	2144	Unicorn-14998.exe	36
PID 2144 wrote to memory of 2780	2144	Unicorn-14998.exe	36
PID 2144 wrote to memory of 2780	2144	Unicorn-14998.exe	36
PID 2144 wrote to memory of 2780	2144	Unicorn-14998.exe	36
PID 2964 wrote to memory of 1920	2964	Unicorn-15801.exe	37
PID 2964 wrote to memory of 1920	2964	Unicorn-15801.exe	37
PID 2964 wrote to memory of 1920	2964	Unicorn-15801.exe	37
PID 2964 wrote to memory of 1920	2964	Unicorn-15801.exe	37
PID 3012 wrote to memory of 2036	3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe	38
PID 3012 wrote to memory of 2036	3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe	38
PID 3012 wrote to memory of 2036	3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe	38
PID 3012 wrote to memory of 2036	3012	90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe	38
PID 2780 wrote to memory of 2548	2780	Unicorn-42997.exe	41
PID 2780 wrote to memory of 2548	2780	Unicorn-42997.exe	41
PID 2780 wrote to memory of 2548	2780	Unicorn-42997.exe	41
PID 2780 wrote to memory of 2548	2780	Unicorn-42997.exe	41
PID 2900 wrote to memory of 2280	2900	Unicorn-62863.exe	42
PID 2900 wrote to memory of 2280	2900	Unicorn-62863.exe	42
PID 2900 wrote to memory of 2280	2900	Unicorn-62863.exe	42
PID 2900 wrote to memory of 2280	2900	Unicorn-62863.exe	42
PID 3040 wrote to memory of 324	3040	Unicorn-60066.exe	39
PID 3040 wrote to memory of 324	3040	Unicorn-60066.exe	39
PID 3040 wrote to memory of 324	3040	Unicorn-60066.exe	39
PID 3040 wrote to memory of 324	3040	Unicorn-60066.exe	39
PID 2144 wrote to memory of 2412	2144	Unicorn-14998.exe	43
PID 2144 wrote to memory of 2412	2144	Unicorn-14998.exe	43
PID 2144 wrote to memory of 2412	2144	Unicorn-14998.exe	43
PID 2144 wrote to memory of 2412	2144	Unicorn-14998.exe	43
PID 2828 wrote to memory of 2552	2828	Unicorn-26006.exe	40
PID 2828 wrote to memory of 2552	2828	Unicorn-26006.exe	40
PID 2828 wrote to memory of 2552	2828	Unicorn-26006.exe	40
PID 2828 wrote to memory of 2552	2828	Unicorn-26006.exe	40
PID 2536 wrote to memory of 1124	2536	Unicorn-32032.exe	44
PID 2536 wrote to memory of 1124	2536	Unicorn-32032.exe	44
PID 2536 wrote to memory of 1124	2536	Unicorn-32032.exe	44
PID 2536 wrote to memory of 1124	2536	Unicorn-32032.exe	44
PID 1920 wrote to memory of 2468	1920	Unicorn-23559.exe	45
PID 1920 wrote to memory of 2468	1920	Unicorn-23559.exe	45
PID 1920 wrote to memory of 2468	1920	Unicorn-23559.exe	45
PID 1920 wrote to memory of 2468	1920	Unicorn-23559.exe	45

C:\Users\Admin\AppData\Local\Temp\90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe
"C:\Users\Admin\AppData\Local\Temp\90fea212664729d65f19e9241fc71dcef3b146c07064f7da9d55176329186913.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14998.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14998.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15801.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2365.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 224
        9⤵
        Program crash
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31181.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32506.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
        9⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16225.exe
        9⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63770.exe
        8⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 236
        8⤵
        Program crash
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15172.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
        8⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        9⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14835.exe
        9⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29634.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27519.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39544.exe
        9⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 248
        9⤵
        Program crash
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53351.exe
        8⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
        8⤵
        
        PID:4012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 248
        8⤵
        Program crash
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28676.exe
        8⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30979.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
        8⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29932.exe
        8⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31567.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52723.exe
        7⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        7⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60543.exe
        7⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58480.exe
        7⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2837.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40705.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18888.exe
        8⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
        8⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        8⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
        7⤵
        Program crash
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        6⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40539.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24066.exe
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40233.exe
        7⤵
        
        PID:5708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
        6⤵
        Program crash
        
        PID:676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32556.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59459.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62640.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65048.exe
        8⤵
        
        PID:764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 228
        8⤵
        Program crash
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28763.exe
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        7⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63704.exe
        7⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31176.exe
        7⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9342.exe
        7⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53465.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-990.exe
        7⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36734.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        7⤵
        Program crash
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        6⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19450.exe
        7⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54581.exe
        6⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55039.exe
        6⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe
        6⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40074.exe
        6⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        6⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28105.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
        7⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 216
        7⤵
        Program crash
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        6⤵
        Program crash
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50782.exe
        5⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34701.exe
        6⤵
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
        6⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33819.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12896.exe
        6⤵
        
        PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60970.exe
        5⤵
        
        PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15239.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62487.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53145.exe
        5⤵
        
        PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61166.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43123.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        8⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 248
        8⤵
        Program crash
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42385.exe
        7⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64623.exe
        8⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45329.exe
        8⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
        7⤵
        Program crash
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
        6⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
        7⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
        7⤵
        Program crash
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
        6⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
        7⤵
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5743.exe
        6⤵
        
        PID:3176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        6⤵
        Program crash
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        6⤵
        Executes dropped EXE
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26922.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20839.exe
        7⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10257.exe
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
        7⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13944.exe
        7⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        6⤵
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28570.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4773.exe
        6⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
        6⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13426.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21206.exe
        5⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
        6⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
        7⤵
        Program crash
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6480.exe
        6⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34574.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16122.exe
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17950.exe
        6⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62946.exe
        6⤵
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24571.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 220
        6⤵
        Program crash
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
        5⤵
        
        PID:3164
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 236
        5⤵
        Program crash
        
        PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55036.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 244
        5⤵
        Program crash
        
        PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10460.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21691.exe
        5⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
        6⤵
        
        PID:3216
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 228
        6⤵
        Program crash
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51405.exe
        5⤵
        
        PID:1000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 244
        5⤵
        Program crash
        
        PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63907.exe
      4⤵
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6501.exe
        5⤵
        
        PID:1664
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 228
        5⤵
        Program crash
        
        PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15078.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8895.exe
      4⤵
      PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61257.exe
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52024.exe
      4⤵
      PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3018.exe
      4⤵
      PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28562.exe
      4⤵
      PID:6460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42997.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5084.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22080.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        6⤵
        Program crash
        
        PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 224
        6⤵
        Program crash
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        5⤵
        
        PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15603.exe
        5⤵
        
        PID:3792
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
        5⤵
        Program crash
        
        PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
        6⤵
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2033.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
        6⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41215.exe
        6⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        6⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23911.exe
        5⤵
        
        PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
        5⤵
        
        PID:3992
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 248
        5⤵
        Program crash
        
        PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60210.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1832
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
        5⤵
        Program crash
        
        PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2308.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13356.exe
        5⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
        5⤵
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
        5⤵
        
        PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6938.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31321.exe
      4⤵
      PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40442.exe
      4⤵
      PID:4896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55024.exe
      4⤵
      PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52626.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11206.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21696.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe
        6⤵
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46958.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
        6⤵
        Program crash
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe
        5⤵
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56609.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39912.exe
        5⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59490.exe
        5⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        5⤵
        
        PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        5⤵
        
        PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
        5⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25153.exe
        5⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27724.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19578.exe
      4⤵
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
      4⤵
      PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23376.exe
      4⤵
      PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
      4⤵
      PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57961.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60901.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31530.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
        5⤵
        
        PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15846.exe
        5⤵
        
        PID:4276
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
        5⤵
        Program crash
        
        PID:4708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23828.exe
      4⤵
      PID:2676
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 224
        5⤵
        Program crash
        
        PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
      4⤵
      PID:3784
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 236
      4⤵
      Program crash
      PID:4312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1960
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 244
      4⤵
      Program crash
      PID:2800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
    3⤵
    PID:2016
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 244
      4⤵
      Program crash
      PID:3832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38174.exe
    3⤵
    PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
    3⤵
    PID:3944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55921.exe
    3⤵
    PID:4872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56225.exe
    3⤵
    PID:5272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55209.exe
    3⤵
    PID:4952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
    3⤵
    PID:6480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32032.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32032.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17337.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61166.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5188.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        8⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        8⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 248
        8⤵
        Program crash
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        7⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
        8⤵
        Program crash
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18565.exe
        7⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        7⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53280.exe
        7⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27777.exe
        7⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
        7⤵
        
        PID:6180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10294.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30072.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
        7⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
        7⤵
        Program crash
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52338.exe
        6⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29154.exe
        7⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 216
        7⤵
        Program crash
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9381.exe
        6⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47857.exe
        6⤵
        
        PID:4460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 248
        6⤵
        Program crash
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12152.exe
        6⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6875.exe
        7⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10331.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        7⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-834.exe
        6⤵
        
        PID:2020
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        6⤵
        Program crash
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
        5⤵
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34229.exe
        6⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
        6⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13288.exe
        6⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22090.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40855.exe
        5⤵
        
        PID:2100
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
        5⤵
        Program crash
        
        PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35078.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16756.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        6⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34207.exe
        7⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        7⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        6⤵
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34574.exe
        6⤵
        
        PID:4088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 248
        6⤵
        Program crash
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
        5⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30513.exe
        6⤵
        
        PID:3252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 248
        6⤵
        Program crash
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
        5⤵
        
        PID:2324
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
        5⤵
        Program crash
        
        PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2604
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 244
        5⤵
        Program crash
        
        PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
      4⤵
      PID:812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
      4⤵
      PID:4020
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
      4⤵
      Program crash
      PID:4348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        5⤵
        Program crash
        
        PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57892.exe
        5⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57216.exe
        5⤵
        
        PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58608.exe
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47006.exe
        5⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
        5⤵
        
        PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20843.exe
      4⤵
      PID:1164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
      4⤵
      PID:3540
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 240
      4⤵
      Program crash
      PID:4364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15949.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42687.exe
        5⤵
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15869.exe
        6⤵
        
        PID:3800
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
        6⤵
        Program crash
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        5⤵
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20808.exe
        5⤵
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        5⤵
        
        PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15032.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2785.exe
      4⤵
      PID:2640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 224
        5⤵
        Program crash
        
        PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
      4⤵
      PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40440.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11541.exe
      4⤵
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46423.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:576
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 220
      4⤵
      Program crash
      PID:1704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5272.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5272.exe
    3⤵
    PID:2596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64767.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64767.exe
    3⤵
    PID:3576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
    3⤵
    PID:4616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23431.exe
    3⤵
    PID:5656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49006.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17612.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2108
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
        5⤵
        Program crash
        
        PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50860.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
        5⤵
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        6⤵
        
        PID:4916
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 228
        6⤵
        Program crash
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50118.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12915.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        5⤵
        
        PID:5956
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 228
        5⤵
        Program crash
        
        PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51762.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
        5⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3626.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
        5⤵
        
        PID:4912
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 228
        5⤵
        Program crash
        
        PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
      4⤵
      PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54416.exe
      4⤵
      PID:564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33407.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
      4⤵
      PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3333.exe
      4⤵
      PID:6000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55074.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        5⤵
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32013.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        6⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
        6⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exe
        6⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5605.exe
        6⤵
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9469.exe
        5⤵
        
        PID:3556
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 220
        5⤵
        Program crash
        
        PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65053.exe
      4⤵
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48012.exe
        5⤵
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8105.exe
        5⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8405.exe
        5⤵
        
        PID:5592
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 240
      4⤵
      Program crash
      PID:3684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51658.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
      4⤵
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
        5⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25737.exe
        5⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48209.exe
        5⤵
        
        PID:5280
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 224
        5⤵
        Program crash
        
        PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28654.exe
      4⤵
      PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46853.exe
      4⤵
      PID:4048
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 248
      4⤵
      Program crash
      PID:5000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
    3⤵
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52988.exe
      4⤵
      PID:1220
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 228
      4⤵
      Program crash
      PID:3116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44058.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44058.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2524
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
    3⤵
    - Program crash
    PID:3916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2036
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 220
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7404.exe
      4⤵
      PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41245.exe
        5⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        5⤵
        
        PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
      4⤵
      PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
      4⤵
      PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
      4⤵
      PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19040.exe
      4⤵
      PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe
      4⤵
      PID:5340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
    3⤵
    PID:2944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
    3⤵
    PID:3896
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
    3⤵
    - Program crash
    PID:4244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22350.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5500.exe
      4⤵
      PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41052.exe
      4⤵
      PID:6012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3164.exe
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
    3⤵
    - Program crash
    PID:3664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32232.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32232.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
    3⤵
    PID:3332
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 228
    3⤵
    - Program crash
    PID:4476
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16233.exe
  2⤵
  PID:3108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5439.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5439.exe
  2⤵
  PID:3628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50858.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50858.exe
  2⤵
  PID:5064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11409.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11409.exe
  2⤵
  PID:5508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15801.exe

Filesize
468KB

MD5
e631260c9542a939b960d08a6947acbc

SHA1
0a130f3ab39123dbbf651e022cc098a8a51f4a4e

SHA256
52894752f9f23ab5ff4368aa2642241d5b1e47e19c3c007722e01753fc7a925d

SHA512
99fae39dd39408977f3d406491f780c0a321b5b7a8588968c443d294c4e383aa3286701d1be37ff7265f9642b010df30b4f346675a1828946e8f061861a3b0bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22090.exe

Filesize
468KB

MD5
4db292d827012c0b5d2f8c6cbdd4d522

SHA1
389cf73b3517299ce29b1715ff262f9bc4951815

SHA256
f7ab25388f69b1311183cefce349796825e48eee064227b6c48e40475e1edc5a

SHA512
2394ffd326555f6dcba7d0dcf42a7087c1a22ae962a17050748e20b6bf599c102ca8622a8ce4556441990b40956691b3b67631bb3db8dc19c89cf4012147c40e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23559.exe

Filesize
468KB

MD5
3e66346298e5af679878fab1396700a8

SHA1
61c21cdc3240c7b136c5950a60da22fea0b4f640

SHA256
bd9dcc469eb1f6abe4a7e3d6e1aacbff96d1449195086224dc1263789d2e9db9

SHA512
ee03070f35bce3b976d7b3705e6789dd257b0cc0498c06e9d319aeb86c7fc430ca213f12b541fb090c767ea4075d71f1e92bf8bb409adf445a5c89e9baeee701

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24066.exe

Filesize
468KB

MD5
43af758e5ef646e92af56813ea1f7f41

SHA1
836a593f169616e38a81dead93a8bebf575edab0

SHA256
d8d89916daa5d6892ba5a7d4efb74b8d7f9f92dd76e140a1f3d901da1103acc3

SHA512
80251622031deaab2b935086ee309b51422eb1fa6cb073955c41e9a5d932723e75f16e2d21a2e13d8ab9930c543d496063f4bd0ca5ab0ecff16bea570301b8da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe

Filesize
468KB

MD5
576c894eeb617f566d91d75bdba52a59

SHA1
49faa0060d0bbe86a6364e023ab7fba0b75316d1

SHA256
473e378a2c9e70b601699090be42fcdcf8a1d59a269468093e2d9b19e02dbd16

SHA512
3c872ab998889c71c51a5411adc4f3f2f2af6f0e0cdb938e0512033d4da86bc8eaebfe09b82daf53a20aa020dd86ea8377b79dcc65d9b6849e134ad0ebcc1d59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42997.exe

Filesize
468KB

MD5
0c63b7177424d54b5ac22a485e3cb22c

SHA1
dc571519e0d2be178a15c54f36c2f4b2510ad010

SHA256
c864ada21d51e687982e069223f15a8f329159e700313674aa62938424d83b5b

SHA512
62d9eb4f367c4aacdcacfb678e3e14b853d2c0fdb993504054bc998ac1d77273cf737aef02e3b8f80d4b01978a0bc7faa2d01e1ebd8a8a007735d3c80b992e7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe

Filesize
468KB

MD5
19b1642c63359efb4c2b0cb993c171ed

SHA1
6d61fc296cbbf6d77e96975410520df33f1c2bd7

SHA256
8461c4b9b7827a9cda84ba9aa95eed240a1a30fdd02b610736758a18c5fd4402

SHA512
2bd3071b30ef11c2f363c41bb06938ba113b6736e7798e9c795329c04c04bd2d8544b8117a84515fd668916a53533875a0d2c0c6e0a135ab6262a5746f678309

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60066.exe

Filesize
468KB

MD5
f98618679c7e110c1a895a783c1cd1c4

SHA1
ad74681cf93c316642a36757db8e1c4d00143078

SHA256
ee2678ab6d0ebfcc5afbb7aa30ba2410ad3ef6a778db83ec843986ad956338cb

SHA512
ffa42ddd250977e2eae20a308a1d148fc0322768bb0e5c7727ce2cfee122b5e44cc1349e821ef8dcd9452519978cf4473e2cbd893dfa64d3345aa23f67e754ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe

Filesize
468KB

MD5
7cbb9dcaefcea2ce13665a7572c5d1cd

SHA1
65b8cedfbaeea619b37addf3d1e005e47842df8e

SHA256
2d2dcc77ddd1f946c516c1e6b095303064bd7ac0d9d80158906b9ae5b745da7e

SHA512
cac48b9f1378d3dbd55e1f0ce1b312ba62b85e1cde1d3faf2e6b4f09c9533809a6d7d5583997cccbcd59e26dbea8a1c4ce48d11bebc899ea926d192a6e855b3e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11206.exe

Filesize
468KB

MD5
e964968241b7e65d348503fde5ef7a62

SHA1
04e52710afb5b38155e4f53e3a4b9131664be723

SHA256
b088669f2919b36932b6c308d1b1ca456dda1b928ee20c332803c83a54ff9526

SHA512
f9f29d634429f51bfdc226783bf68ef5ea7e43ebe0cfe8c271dcd1e244f79def54fc01b308a96b74ae68e2f5fbd33693066b5acb96822799ba5b1acd796609a1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14998.exe

Filesize
468KB

MD5
3684e66ab4d7d2fa852b3346d395c389

SHA1
b4795039b84859cf5ea1086f9f7d52f384d4c868

SHA256
5887cf934812cd0802a6cfde58c252ed2d048ed20783b2a8c0546390542a1545

SHA512
1a2710f6ef08107a9500d54cd1fccbc9458a72dc971b841a799166bf5652836af5c895360fe6e8d47b5818a424af1d8583a9238bc4474fa3306435910a28fb5d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17337.exe

Filesize
468KB

MD5
51b49f1264cd8cd6a901f19649f2e3fe

SHA1
4c0e8c4ec42530d3e63e54d0d54020f913f577a9

SHA256
936705b3927f5fe904f9441283cf8aa0a6cc7a95a07caf934bc8b12d8595ab65

SHA512
9229896b07fc48e3b63889308a100ddfd6dea86e64965ddf380b436b7f5b095b32856458f2c9e5bc7d80d3e42d02a8f0fad2032ec7d4817cf99f033ab2e65c12

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17612.exe

Filesize
468KB

MD5
8680c55247f86e562f74b4356fda9acf

SHA1
30c6a0a432af86bec2121351461a024d155e781c

SHA256
01aafbf2e63e9c20792eac7e5b2e30847178e067a50a73fd9a853ed32cf06649

SHA512
0a385d84b6e5b8945534655988d392a7c327954e21f16a6978954f2f2dc8f70ab40908cb7654200022eb178894af8741c8686624111e08bc27de8e46a1e5cf02

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21696.exe

Filesize
468KB

MD5
0cdfa8e95c78aabd21a41fa025bb72f3

SHA1
463428e39ebcc45385df9de7a1902ecadeff6565

SHA256
45f107e55e6d5cd655d1a530dfbe4a08e72d9a823f198d1c50a18532396f8091

SHA512
5aa57f748c170e407328ad6bb3b063b36aaa0687cedfee43bc80c72b1c21b8f9214aa4612c21ed9059d2ec05f4d01d7a81b37bd3785230bb93561c8425a43887

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe

Filesize
468KB

MD5
ee916a5fac255b3318f339bb9d2d59d5

SHA1
42152f0c4c6f2099a3008f16589babcd8730b656

SHA256
191e1ae9d31ca11e6663b6b3c722aa5d614d76ef641c3010bb497b9b6963398c

SHA512
ee92d749dbd0af4ff4e8d43e46d7cd3691e0f8c7a579a02010111e312e47b2074357b38f07d3e8e6432294871c31cecf47d5209dea62e98024205eb0525ba0bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe

Filesize
468KB

MD5
f7a8537d84d544d678927570b57db80a

SHA1
dd83ca400915b645fdcec51f59649d02269ee087

SHA256
ebcec0338a237f3063b22e1eebef5de27c3179159728dfa5b4ee69eec8dbfb01

SHA512
18dd37a044482cd0087c621217a33f88381265fab728d7b6925319a633e55f232f00ef4977db4bec7f190844138e6da0aa02e93f649feb1e77cf8192f33f2006

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe

Filesize
468KB

MD5
73c5f6af3e97f80a0d910fe92e5ee820

SHA1
6bc44c716fb35a7c66350272b1546a9ae5de4fc2

SHA256
03943e84fd83d5dbd5202ec9957d99804f7125a4040a690824d748b716f43f2d

SHA512
9b379150d25c3e4bfb674a31accad4fcb91ab1420ef64d213951239cdb699d7c8c0e9c81dc0f73891aa65c8070f5d6fcdcebc54e58236112752c647fe87fdec7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe

Filesize
468KB

MD5
28a93f96b36f423f73bb6558242f1879

SHA1
53d178be703762b95b00f767c5beba7462efe6bd

SHA256
646a67b9832e935b3b18a4cc5be5a8c1d5c87137fa7b1e2157edcaf5705814f9

SHA512
a88ed3b895b86ac7ce32c3690ef807b85553c79af80a46a4bd28297ef113e863b39d02b9697b03de32d88540f73287d6e99149fe55f3a72b48f75681439d73c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32032.exe

Filesize
468KB

MD5
79994b6d6937e0d80f5083b038337f09

SHA1
ecb2241b22ecffc800ad272ad2bfa63183692b37

SHA256
5234800e5d3e2849cb98339bedfc870992e2d526e521b3befd90709d33be6b75

SHA512
41f52e4b75d63a92af2cc009d5f103810615c73a2f98b66519592dc6a7fab97f9b132c3c66e76bd635a3a7884c14d4868bb568b40b3ad8a959539f19e641c34d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32556.exe

Filesize
468KB

MD5
9eca4d59aefbd88dec9002b50f4a5170

SHA1
70c7699b2783d879fd9437c51c09e71252aa4fb5

SHA256
ae0c9fe6bf3ab2337846eae6ecf5b19291e58083345172cb94fd38bfa2f38f03

SHA512
4507ef1257aa546a9615942250e090c3bcfb2d13bf0d0b6b43ca0dc907b5385a9a10d10d1b6443dd5b8c77a7dfb587c1adb5838ab40c5b6427828a747bd929f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe

Filesize
468KB

MD5
390aa9cd51ca088ae870099505fa53ca

SHA1
f2c9c9ef7b75e90c1f7d282f33e9e4d9c11373ee

SHA256
84ca20948d1ef419b9676e5056dce48a969ca78889ada76fc96f9ce717312e29

SHA512
faa517162e7705b79d194d4601b228057956dc5e6ab24b92e734a6f7f783f5a63cf573075fdaa867e7245f507503a81b1df12232e731067b94ae303a8c75eb0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe

Filesize
468KB

MD5
5a63d614687af8c8e1a0d778af6e7f92

SHA1
56cb8eacd384159593028525d814208876aeb64c

SHA256
e92c4b261f630d2584b2ede610491b74ded18b539b788813872f8ae887357352

SHA512
0001274c4b1921c8cfba7823a0e2c1bef4c10baefab1b9f447380293740014c9ad02d0baf04efbf565fb325c9c4502bb50be34b7381c44a6961d060152bb99fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5084.exe

Filesize
468KB

MD5
3be9e0a9831240b29fa9d51bf2449c1b

SHA1
e46cb8739e7588c13f548b33f59f374deb43b325

SHA256
3470957a456690230148f8044aa90a3737c28e0325cf98d051d3942eb69d18ed

SHA512
9f8e37109bc9299e659f18782b987705dd727968fa5a68e543fef1a825c9d1b435abc6c2fd330113801580ef6d232b6a11864834d8084c41d48e7f9739a2b9ff

Download Submit