bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c

Analysis

max time kernel
146s
max time network
121s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe
Size

184KB
MD5

33ef7cf0674222355d3927f4091ab855
SHA1

f57a07f65c57bc99a498869a142059d81b8799f0
SHA256

bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c
SHA512

2dcb856ec897a1b03fa3c6dad71166f73e72187b40046f213a0b656f7bc2284e6dc48b9d346fde7ffae7b91d7496b791d262f22cfc0a337845f9aeefce646a41
SSDEEP

3072:XVa/svoE3S8EwqYmeWnIq4PLIdlOAuttJGD2C59tUTvAlnkOF+:XVFoIJqYKI3PLIGcReAlnkOF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2160	Unicorn-40839.exe
2796	Unicorn-58872.exe
2896	Unicorn-55343.exe
2568	Unicorn-49254.exe
2536	Unicorn-15320.exe
3060	Unicorn-45341.exe
1384	Unicorn-1750.exe
2812	Unicorn-37821.exe
2020	Unicorn-7033.exe
2496	Unicorn-37245.exe
1900	Unicorn-9306.exe
1892	Unicorn-22113.exe
1556	Unicorn-55855.exe
2380	Unicorn-42280.exe
1640	Unicorn-22222.exe
2924	Unicorn-58616.exe
664	Unicorn-58424.exe
2352	Unicorn-14859.exe
1696	Unicorn-44880.exe
1992	Unicorn-34377.exe
1444	Unicorn-50521.exe
1488	Unicorn-31148.exe
652	Unicorn-51014.exe
3032	Unicorn-50137.exe
2112	Unicorn-33417.exe
2444	Unicorn-30764.exe
2248	Unicorn-36982.exe
2888	Unicorn-17116.exe
2712	Unicorn-17818.exe
2892	Unicorn-63105.exe
2528	Unicorn-36458.exe
2636	Unicorn-19738.exe
2532	Unicorn-49566.exe
2988	Unicorn-42343.exe
2980	Unicorn-58523.exe
1008	Unicorn-29380.exe
2832	Unicorn-44948.exe
1844	Unicorn-41226.exe
2840	Unicorn-11891.exe
2876	Unicorn-28420.exe
1944	Unicorn-60251.exe
1624	Unicorn-60936.exe
2036	Unicorn-15264.exe
2240	Unicorn-44024.exe
2012	Unicorn-63889.exe
2316	Unicorn-9818.exe
2128	Unicorn-55983.exe
1540	Unicorn-57867.exe
1592	Unicorn-58095.exe
1832	Unicorn-12423.exe
2484	Unicorn-28568.exe
2388	Unicorn-44172.exe
1276	Unicorn-29912.exe
1408	Unicorn-60617.exe
2544	Unicorn-50633.exe
2100	Unicorn-4193.exe
480	Unicorn-4193.exe
2756	Unicorn-19688.exe
2648	Unicorn-51977.exe
2696	Unicorn-39170.exe
2596	Unicorn-40239.exe
296	Unicorn-55158.exe
880	Unicorn-25823.exe
1684	Unicorn-37861.exe

Loads dropped DLL 64 IoCs

pid	Process
2100	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe
2100	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe
2160	Unicorn-40839.exe
2160	Unicorn-40839.exe
2100	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe
2100	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe
2896	Unicorn-55343.exe
2896	Unicorn-55343.exe
2796	Unicorn-58872.exe
2796	Unicorn-58872.exe
2160	Unicorn-40839.exe
2160	Unicorn-40839.exe
480	WerFault.exe
480	WerFault.exe
480	WerFault.exe
480	WerFault.exe
480	WerFault.exe
2568	Unicorn-49254.exe
2568	Unicorn-49254.exe
2896	Unicorn-55343.exe
2896	Unicorn-55343.exe
3060	Unicorn-45341.exe
3060	Unicorn-45341.exe
2796	Unicorn-58872.exe
2796	Unicorn-58872.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
1644	WerFault.exe
1644	WerFault.exe
1644	WerFault.exe
1644	WerFault.exe
1644	WerFault.exe
1948	WerFault.exe
1384	Unicorn-1750.exe
1384	Unicorn-1750.exe
2568	Unicorn-49254.exe
2568	Unicorn-49254.exe
2536	Unicorn-15320.exe
2536	Unicorn-15320.exe
2020	Unicorn-7033.exe
2020	Unicorn-7033.exe
3060	Unicorn-45341.exe
3060	Unicorn-45341.exe
2496	Unicorn-37245.exe
2496	Unicorn-37245.exe
2812	Unicorn-37821.exe
2812	Unicorn-37821.exe
1536	WerFault.exe
1536	WerFault.exe
1536	WerFault.exe
1536	WerFault.exe
1536	WerFault.exe
804	WerFault.exe
804	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
804	WerFault.exe
1184	WerFault.exe
804	WerFault.exe
1184	WerFault.exe
804	WerFault.exe
1184	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2716	2100	WerFault.exe	27
480	2160	WerFault.exe	28
1948	2896	WerFault.exe	30
1644	2796	WerFault.exe	29
1536	2568	WerFault.exe	32
1184	3060	WerFault.exe	34
804	2536	WerFault.exe	33
2148	1384	WerFault.exe	36
1480	2020	WerFault.exe	38
2764	2496	WerFault.exe	39
2672	2812	WerFault.exe	37
1820	1900	WerFault.exe	42
2364	1892	WerFault.exe	43
2908	2380	WerFault.exe	45
2220	1556	WerFault.exe	44
2212	1640	WerFault.exe	46
2088	2924	WerFault.exe	47
2160	664	WerFault.exe	48
2708	1488	WerFault.exe	56
344	1696	WerFault.exe	53
2500	2352	WerFault.exe	52
2064	2888	WerFault.exe	61
3004	2892	WerFault.exe	68
2688	2988	WerFault.exe	72
1864	2876	WerFault.exe	78
2844	2840	WerFault.exe	77
1700	2532	WerFault.exe	71
1856	2712	WerFault.exe	65
1836	1444	WerFault.exe	55
1496	2636	WerFault.exe	70
1476	1992	WerFault.exe	54
1676	2444	WerFault.exe	60
2716	2980	WerFault.exe	73
2852	2112	WerFault.exe	59
1928	1944	WerFault.exe	79
2304	2248	WerFault.exe	62
604	2036	WerFault.exe	81
1880	652	WerFault.exe	57
764	1844	WerFault.exe	75
3080	2528	WerFault.exe	69
3104	1624	WerFault.exe	80
3196	3032	WerFault.exe	58
3220	2832	WerFault.exe	76
3408	2240	WerFault.exe	82
3444	880	WerFault.exe	108
3504	2388	WerFault.exe	95
3512	1008	WerFault.exe	74
3540	2696	WerFault.exe	105
3556	2012	WerFault.exe	83
3688	1276	WerFault.exe	97
3736	480	WerFault.exe	101
3988	2128	WerFault.exe	88
3996	296	WerFault.exe	107
4056	1832	WerFault.exe	93
4064	2100	WerFault.exe	100
4072	1592	WerFault.exe	92
3156	2484	WerFault.exe	94
3184	2316	WerFault.exe	86
3292	1408	WerFault.exe	98
3344	1540	WerFault.exe	90
3500	2544	WerFault.exe	99
3904	2596	WerFault.exe	106
3932	2648	WerFault.exe	104
3976	744	WerFault.exe	110

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64032.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59044.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58872.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22574.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51014.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13787.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15264.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2100	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe
2160	Unicorn-40839.exe
2796	Unicorn-58872.exe
2896	Unicorn-55343.exe
2568	Unicorn-49254.exe
2536	Unicorn-15320.exe
3060	Unicorn-45341.exe
1384	Unicorn-1750.exe
2812	Unicorn-37821.exe
2020	Unicorn-7033.exe
2496	Unicorn-37245.exe
1900	Unicorn-9306.exe
1892	Unicorn-22113.exe
1556	Unicorn-55855.exe
2380	Unicorn-42280.exe
1640	Unicorn-22222.exe
2924	Unicorn-58616.exe
664	Unicorn-58424.exe
2352	Unicorn-14859.exe
1696	Unicorn-44880.exe
1992	Unicorn-34377.exe
1444	Unicorn-50521.exe
1488	Unicorn-31148.exe
3032	Unicorn-50137.exe
652	Unicorn-51014.exe
2112	Unicorn-33417.exe
2444	Unicorn-30764.exe
2888	Unicorn-17116.exe
2248	Unicorn-36982.exe
2712	Unicorn-17818.exe
2892	Unicorn-63105.exe
2528	Unicorn-36458.exe
2636	Unicorn-19738.exe
2532	Unicorn-49566.exe
2988	Unicorn-42343.exe
2980	Unicorn-58523.exe
1008	Unicorn-29380.exe
2840	Unicorn-11891.exe
1844	Unicorn-41226.exe
2876	Unicorn-28420.exe
2832	Unicorn-44948.exe
1944	Unicorn-60251.exe
1624	Unicorn-60936.exe
2036	Unicorn-15264.exe
2012	Unicorn-63889.exe
2240	Unicorn-44024.exe
2316	Unicorn-9818.exe
2128	Unicorn-55983.exe
1540	Unicorn-57867.exe
1592	Unicorn-58095.exe
1832	Unicorn-12423.exe
2484	Unicorn-28568.exe
2388	Unicorn-44172.exe
1276	Unicorn-29912.exe
1408	Unicorn-60617.exe
2544	Unicorn-50633.exe
2100	Unicorn-4193.exe
480	Unicorn-4193.exe
2756	Unicorn-19688.exe
2648	Unicorn-51977.exe
2696	Unicorn-39170.exe
2596	Unicorn-40239.exe
880	Unicorn-25823.exe
296	Unicorn-55158.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2160	2100	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe	28
PID 2100 wrote to memory of 2160	2100	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe	28
PID 2100 wrote to memory of 2160	2100	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe	28
PID 2100 wrote to memory of 2160	2100	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe	28
PID 2160 wrote to memory of 2796	2160	Unicorn-40839.exe	29
PID 2160 wrote to memory of 2796	2160	Unicorn-40839.exe	29
PID 2160 wrote to memory of 2796	2160	Unicorn-40839.exe	29
PID 2160 wrote to memory of 2796	2160	Unicorn-40839.exe	29
PID 2100 wrote to memory of 2896	2100	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe	30
PID 2100 wrote to memory of 2896	2100	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe	30
PID 2100 wrote to memory of 2896	2100	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe	30
PID 2100 wrote to memory of 2896	2100	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe	30
PID 2100 wrote to memory of 2716	2100	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe	31
PID 2100 wrote to memory of 2716	2100	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe	31
PID 2100 wrote to memory of 2716	2100	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe	31
PID 2100 wrote to memory of 2716	2100	bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe	31
PID 2896 wrote to memory of 2568	2896	Unicorn-55343.exe	32
PID 2896 wrote to memory of 2568	2896	Unicorn-55343.exe	32
PID 2896 wrote to memory of 2568	2896	Unicorn-55343.exe	32
PID 2896 wrote to memory of 2568	2896	Unicorn-55343.exe	32
PID 2796 wrote to memory of 2536	2796	Unicorn-58872.exe	33
PID 2796 wrote to memory of 2536	2796	Unicorn-58872.exe	33
PID 2796 wrote to memory of 2536	2796	Unicorn-58872.exe	33
PID 2796 wrote to memory of 2536	2796	Unicorn-58872.exe	33
PID 2160 wrote to memory of 3060	2160	Unicorn-40839.exe	34
PID 2160 wrote to memory of 3060	2160	Unicorn-40839.exe	34
PID 2160 wrote to memory of 3060	2160	Unicorn-40839.exe	34
PID 2160 wrote to memory of 3060	2160	Unicorn-40839.exe	34
PID 2160 wrote to memory of 480	2160	Unicorn-40839.exe	35
PID 2160 wrote to memory of 480	2160	Unicorn-40839.exe	35
PID 2160 wrote to memory of 480	2160	Unicorn-40839.exe	35
PID 2160 wrote to memory of 480	2160	Unicorn-40839.exe	35
PID 2568 wrote to memory of 1384	2568	Unicorn-49254.exe	36
PID 2568 wrote to memory of 1384	2568	Unicorn-49254.exe	36
PID 2568 wrote to memory of 1384	2568	Unicorn-49254.exe	36
PID 2568 wrote to memory of 1384	2568	Unicorn-49254.exe	36
PID 2896 wrote to memory of 2812	2896	Unicorn-55343.exe	37
PID 2896 wrote to memory of 2812	2896	Unicorn-55343.exe	37
PID 2896 wrote to memory of 2812	2896	Unicorn-55343.exe	37
PID 2896 wrote to memory of 2812	2896	Unicorn-55343.exe	37
PID 3060 wrote to memory of 2020	3060	Unicorn-45341.exe	38
PID 3060 wrote to memory of 2020	3060	Unicorn-45341.exe	38
PID 3060 wrote to memory of 2020	3060	Unicorn-45341.exe	38
PID 3060 wrote to memory of 2020	3060	Unicorn-45341.exe	38
PID 2796 wrote to memory of 2496	2796	Unicorn-58872.exe	39
PID 2796 wrote to memory of 2496	2796	Unicorn-58872.exe	39
PID 2796 wrote to memory of 2496	2796	Unicorn-58872.exe	39
PID 2796 wrote to memory of 2496	2796	Unicorn-58872.exe	39
PID 2896 wrote to memory of 1948	2896	Unicorn-55343.exe	40
PID 2896 wrote to memory of 1948	2896	Unicorn-55343.exe	40
PID 2896 wrote to memory of 1948	2896	Unicorn-55343.exe	40
PID 2896 wrote to memory of 1948	2896	Unicorn-55343.exe	40
PID 2796 wrote to memory of 1644	2796	Unicorn-58872.exe	41
PID 2796 wrote to memory of 1644	2796	Unicorn-58872.exe	41
PID 2796 wrote to memory of 1644	2796	Unicorn-58872.exe	41
PID 2796 wrote to memory of 1644	2796	Unicorn-58872.exe	41
PID 1384 wrote to memory of 1900	1384	Unicorn-1750.exe	42
PID 1384 wrote to memory of 1900	1384	Unicorn-1750.exe	42
PID 1384 wrote to memory of 1900	1384	Unicorn-1750.exe	42
PID 1384 wrote to memory of 1900	1384	Unicorn-1750.exe	42
PID 2568 wrote to memory of 1892	2568	Unicorn-49254.exe	43
PID 2568 wrote to memory of 1892	2568	Unicorn-49254.exe	43
PID 2568 wrote to memory of 1892	2568	Unicorn-49254.exe	43
PID 2568 wrote to memory of 1892	2568	Unicorn-49254.exe	43

C:\Users\Admin\AppData\Local\Temp\bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe
"C:\Users\Admin\AppData\Local\Temp\bc6f0e42fef1e0d22b3cc0a18357adf5de7a3f637bdfeeb93940084db439313c.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40839.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40839.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15320.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33417.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28420.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14515.exe
        9⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38411.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        11⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        11⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 236
        10⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 216
        9⤵
        Program crash
        
        PID:3736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 216
        8⤵
        Program crash
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35345.exe
        9⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
        9⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 216
        8⤵
        Program crash
        
        PID:3932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
        7⤵
        Program crash
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36906.exe
        8⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 240
        9⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
        8⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
        7⤵
        Program crash
        
        PID:3104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 220
        6⤵
        Program crash
        
        PID:2220
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37245.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58616.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51014.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44948.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
        9⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
        10⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:4772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
        11⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 216
        10⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 236
        9⤵
        Program crash
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16336.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37866.exe
        9⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
        10⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        10⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 216
        9⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
        8⤵
        Program crash
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37861.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44464.exe
        8⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3248.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
        9⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 216
        8⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 240
        7⤵
        Program crash
        
        PID:1880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1832.exe
        7⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
        9⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
        9⤵
        
        PID:4120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
        8⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 236
        7⤵
        Program crash
        
        PID:764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
        6⤵
        Program crash
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30764.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58247.exe
        9⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 236
        8⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 216
        7⤵
        Program crash
        
        PID:3500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
        6⤵
        Program crash
        
        PID:1676
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        5⤵
        Program crash
        
        PID:2764
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45341.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7033.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42280.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50521.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42343.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        9⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5245.exe
        10⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4819.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
        11⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
        10⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 216
        9⤵
        Program crash
        
        PID:3688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
        8⤵
        Program crash
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60617.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41603.exe
        9⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26180.exe
        10⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        10⤵
        
        PID:4040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
        9⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 216
        8⤵
        Program crash
        
        PID:3292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
        7⤵
        Program crash
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58523.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40239.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53670.exe
        8⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19969.exe
        9⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11227.exe
        10⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
        10⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
        9⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
        8⤵
        Program crash
        
        PID:3904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 236
        7⤵
        Program crash
        
        PID:2716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
        6⤵
        Program crash
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31148.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29380.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39170.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
        9⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55398.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        10⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 216
        9⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
        8⤵
        Program crash
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52609.exe
        8⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 236
        9⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 216
        8⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 240
        7⤵
        Program crash
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55158.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56015.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59044.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        9⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 216
        8⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 236
        7⤵
        Program crash
        
        PID:3996
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
        6⤵
        Program crash
        
        PID:2708
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        5⤵
        Program crash
        
        PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22222.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36982.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28216.exe
        8⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38509.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
        10⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
        10⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
        9⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
        8⤵
        Program crash
        
        PID:4064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        7⤵
        Program crash
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19688.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9679.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55054.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
        9⤵
        
        PID:3840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        8⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 216
        7⤵
        
        PID:3980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
        6⤵
        Program crash
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60251.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58003.exe
        7⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54862.exe
        8⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
        8⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 216
        7⤵
        Program crash
        
        PID:3976
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
        6⤵
        Program crash
        
        PID:1928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
        5⤵
        Program crash
        
        PID:2212
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:1184
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55343.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55343.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49254.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14859.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17818.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9818.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        9⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8437.exe
        10⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51208.exe
        11⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 236
        11⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
        10⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
        9⤵
        Program crash
        
        PID:3184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        8⤵
        Program crash
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55983.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55138.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13979.exe
        9⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60087.exe
        10⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
        10⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 236
        8⤵
        Program crash
        
        PID:3988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
        7⤵
        Program crash
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26990.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        10⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        10⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 216
        9⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
        8⤵
        Program crash
        
        PID:4056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
        7⤵
        Program crash
        
        PID:3004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
        6⤵
        Program crash
        
        PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36458.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64032.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50829.exe
        8⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47400.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
        9⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 216
        8⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
        7⤵
        Program crash
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
        7⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52609.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29189.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        9⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 216
        8⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 216
        7⤵
        Program crash
        
        PID:3504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
        6⤵
        Program crash
        
        PID:344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
        5⤵
        Program crash
        
        PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22113.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34377.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19738.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7214.exe
        8⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52589.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 220
        10⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 216
        9⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 216
        8⤵
        Program crash
        
        PID:3344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
        7⤵
        Program crash
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58095.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7214.exe
        7⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
        8⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17706.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
        9⤵
        
        PID:924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 216
        8⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 216
        7⤵
        Program crash
        
        PID:4072
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
        6⤵
        Program crash
        
        PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28568.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30328.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24966.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16852.exe
        10⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
        9⤵
        
        PID:908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 216
        8⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
        7⤵
        Program crash
        
        PID:3156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
        6⤵
        Program crash
        
        PID:1700
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 240
        5⤵
        Program crash
        
        PID:2364
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37821.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50137.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15264.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60716.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8610.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
        9⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
        8⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
        7⤵
        Program crash
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47504.exe
        6⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55162.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
        8⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39657.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 236
        9⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        8⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
        7⤵
        
        PID:3964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 220
        6⤵
        Program crash
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44024.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39715.exe
        6⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
        7⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        8⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
        8⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 216
        7⤵
        
        PID:3792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
        6⤵
        Program crash
        
        PID:3408
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 240
        5⤵
        Program crash
        
        PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63889.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
        6⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52609.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13345.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
        8⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 216
        7⤵
        
        PID:4228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
        6⤵
        Program crash
        
        PID:3556
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
        5⤵
        Program crash
        
        PID:2064
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
      4⤵
      Program crash
      PID:2672
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1948
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
  2⤵
  - Program crash
  PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-35345.exe

Filesize
184KB

MD5
96560b72bffa9464861c5b26d227bd39

SHA1
0c7e943b7add676c50dfcf6cd3abbdb2fc21b175

SHA256
bf6cecec78d1f8497e452b5f189b99e898d3f63b4d23a309e0a1632caa4e8c3b

SHA512
40e724aa09da748c580b133ffd74efe6d87df3cb29c745ef3c90d6e40614979b21aa8130e9160ff928f2e24d3ef5a42a49989697a89f7c02d0091b175e480c61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39657.exe

Filesize
184KB

MD5
850443775d7ab9d2aa928fb30d5bb4e7

SHA1
3039f8bd365dadcb6d28b8354be83c0ecd8479d0

SHA256
6d66f4147ea0aeaee5ed0d25dfc64d745d6ba8affafce5b2f85d3f0dc01afc0f

SHA512
eef30dc9553d2ebbe0c4872e8180dafc143bcc69bbbb040c34d2f4ddd315b85621074a3f74a82ce3fce5109a2418e36d790fabe8976a43a4c71e6fca21d82fb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45341.exe

Filesize
184KB

MD5
8fa1a2f9214cfb95b81d4c2f9763b68c

SHA1
1a849548ecc90984891718073b6bcb95668951c3

SHA256
b04c1511051920d51c1f296e3e04067e2ceab381be55af078a6b70d42be68da6

SHA512
dbf10a3766fdc8e507a069a03f8fb1acf285559d0e9b0bba686ef91f1e739a02daf55c8489a30c5de4df23bc916baefa8c6e0b601e7ffe83bf920ebcc3dd7454

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54862.exe

Filesize
184KB

MD5
e9c5993fd94ebe85f4cd31b2877bcd6c

SHA1
871cf2d298aceeb28e5c3c970f57a2c96f7df7b4

SHA256
d4cb37869391143f5f6be06fb4c8733902abc9b1d7e269b240972cc87749e128

SHA512
5f7b7798e33a9a084c56bb0a8ce709f5d7ea4550654868428a05493aec398e06a1dab1068c9517a38086e60042f3eda023a108f97b1f95048c767e7a428c064a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe

Filesize
184KB

MD5
355f881621b65d17cf12b0e2f808e9ed

SHA1
714b8371fb31fab69ef0e1e4c750c5a71278c7d1

SHA256
0cb0dabbae91583fc7d3e40dfcf1794ca9e31951e12bcc8692c5eafe8aee09b5

SHA512
da8e2f1ec0a7f5f316e49bef0d2dd2457b54bb8463dfd22a048976c1a720e9ffef13f687bdeb25615449fd030450b76d7388993437d01d83e597f05b08b6f3b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7033.exe

Filesize
184KB

MD5
4f53bc367779e860629721b3af80168c

SHA1
285ba83c8d7c1da006ef9c4baaaac6c659148593

SHA256
a8890350cb84deff859f0eb6d604bf744592c973c05822aaaaf0590030a1493a

SHA512
8c6a8593acc32da791cbfcfb90c67d720bed2e3bdc40d17cedbc3d88548c1e9296155d38213286ed745692dc1660ac732c063e4c0e665bde4e676622e73219b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15320.exe

Filesize
184KB

MD5
5c1de931ecd3c6336efb99a25f128751

SHA1
a328201d207037c6f5a8fee3aa79010f3d4021fa

SHA256
3c379b1d61a7c392327f2597da9cfe92519d9e625dfeeac526f988baaf845ceb

SHA512
71ab101984f422746139ebdf2afa62795f95bb4249c2aa7e26d66f54a545d8bea602380ffbbf9c3e065ad75c307b0d14a94a4a149a90e3de0bf444a2b733030e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe

Filesize
184KB

MD5
bda22fb31662ade8dab91e3eaac88537

SHA1
d40fc875c028f45383abfff2a9d8ae7bc8d7e3e4

SHA256
835d0e38e60780aa5aee0972df46f231ed5f9d716621b39e67d239248616b128

SHA512
d21a096a21f30b3f78fde189602ec66129d44a706bb6b75e46098e0e75358a820bca30df9f93bb36c6b9eb7e34e55f8d87d5128de2d00bf4b9077b537f5b8bc1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22113.exe

Filesize
184KB

MD5
df29d832e16e8735c23ba0c67004cd95

SHA1
474dbf4548c6503a62b6baac8a592040b3d1f0cd

SHA256
489bdbaa754b94c0f27b53ccf74d48a885ae736a42ad3efefcfa1f88677dbf11

SHA512
7e3885a9df6c0c4d5b55ac18e75620089d0336e402f883fa5c6b9feac0cf36408a2029ff33ce1b11096ac7dc6b51b3cde78a2fcb95a258499a64d9bab2e2f9fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37245.exe

Filesize
184KB

MD5
e154475b3a00946ce2074fc945f3c914

SHA1
08ffb3d2667c94f5662519dcad21d07ba1aaa03a

SHA256
60f419deb18aace29cf6cafda4e9708b062fcb20c19ba3cdb6014ac9d2558182

SHA512
35c5d6ba15116462f1dc7433b7dd4dd31ed7257c172098a7b2b0d3cead18eedf8ce14f0fe270fa11eef2b0eb4de4c5790afb5e9b1f5a83d207c8e5a24f72283b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37821.exe

Filesize
184KB

MD5
0934fb913db387de42467ebe16b62399

SHA1
91f6e391ed70ced8ff4133b255889460e2eaebb0

SHA256
964818006971bb1914a9c681309cd77e1222ca9d3f16dd17eca3d61898c9b69a

SHA512
9561f4886067e1d2c4ae33471e2d1926fdf93676f658c2cf280cfce3240b2a624f0c296c9853091e447a3105b2db4924ab9029606f62713278f800a3ab3b2bc0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40839.exe

Filesize
184KB

MD5
fbf44bcecbc8fd8d6e08ec8839e7fd03

SHA1
8fd09cdaff5affc113e5d3ecfb713c5e8a7ebaa3

SHA256
976283f240b886adfb97a2c5fde5d468f5d42f0d370f459ac9622ca58afd4f5b

SHA512
0c45659a139bf94fa9689fd8c2f08baf2578de7f4157db9cb7e5ab23d1c9d294b5d9ff372ab087016cb4428601f3eadab8e7fb25e3ec3011a30ae29451fc64d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42280.exe

Filesize
184KB

MD5
7d0b9fa34959353ee99e290da1910e4c

SHA1
258551543d06145b342be1e60c6acb96160bfd6e

SHA256
844d7d68c82f3d0dfaa7deb608816363ed348bb4bb3e4b41664b849086c716ed

SHA512
9fea30b399cf78396425a422411cfe5381724a249197508b0d6966464b1471d61a8b8bfc661a61d32bd6ae97ada4fa93ec437735f3d0f8b24741738444c9b9f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49254.exe

Filesize
184KB

MD5
1402c20998342a6e3684abc5f485303a

SHA1
b02c973ccf7cf0846230b07ba00c380fa694a96a

SHA256
20d4070845a262b00410705d45031c55267bbceef57076add4f721a897773462

SHA512
0e362f58edf0180407439082e72067e48cd8ad754b7d24eee059e0289752aa39eae9270266966810abe9fe5e3371c184a96419b19212d4de5495cc3c73fdd31d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55343.exe

Filesize
184KB

MD5
010253d22abeac8ed62b5be0d57a1263

SHA1
154a8809e0df8363d7226d2c861ce8e8b94e2106

SHA256
245902752a01113c351db363b7f65fc443fc4898b9665092873888542c3196e5

SHA512
518da97f77ca0c8807c72169ff1f05f68ef24cfccdf83f51fb1736e6d86c3aaa2f624cf2290a8e432a326ef34efda98166059f59d100e92b1d7e09b97b347f87

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe

Filesize
184KB

MD5
3f777ee054b8a3a924177798252b3603

SHA1
ba1bdffcd13583cf424da574fb1fca9b853493c1

SHA256
725af196287cdfd341e0efdf7ebc5573d2c77c9db413ebe982fb5f575dadfa0b

SHA512
49fdc7831315bcd29f3a33109fd208e991e4a3cb4a2e4fce9b176cdbedbb76fa467e466019fcdc5c5493d664081a3fd75d0a4980def68e4d45c5a653f73dbf97

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe

Filesize
184KB

MD5
03cec569a4991181e0b385ded1ed4e48

SHA1
668f8dd98574731b65bdb293526e83d1f0087b34

SHA256
c422ddd1e4240c7b2572722d926422beb8a30768c450ab9b23303c6929ebc882

SHA512
81cb3c2edd2c018baba7ff3eb35f2a20b33e1ef5d017251cbd726c915f6823e90b48366acc777e898781e391a4bfef84929080142deffc1fb124ee392a8734eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe

Filesize
184KB

MD5
cefacb49cb397540c89436a952a874bb

SHA1
286b4087dc7233041a8c5ae7f5d99f95c45a64ad

SHA256
4fd965c232958c3ce9a618fd2ea88484c1c506aaa1e2055b7d6d3607e24051f0

SHA512
7a8b253bb7b7c3c7fd179975e01c8d38762c66023dde4449924cef74abe123c03e2382d2cabbe4519cda851b9abb90913c71d4fbacd5de32a919f1b22e8cf264

Download Submit