48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 05:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe
Size

468KB
MD5

062ed7612db42366b9ba35e5bc57f1c7
SHA1

6400cb9ae600fa2ac5fc7b9313c44687f77a04bb
SHA256

48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63
SHA512

bb9a72376f24d515ac98599054419603e1e19495015c55f597cc929858f71dd56fa337b749ce42ca20f2aa31f78c27b78a49db8fc88b40af8118a025771e0a8a
SSDEEP

3072:1aG0ogISIE5TtbY2HzcOqf8/zCcaP0pMJVHeTVay3rnLR7qgAhlBq:1aZobMTtxH4OqfVYN33rLVqgAQ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2684	Unicorn-22095.exe
2692	Unicorn-36567.exe
2836	Unicorn-48265.exe
2560	Unicorn-5618.exe
2588	Unicorn-10671.exe
580	Unicorn-49666.exe
2816	Unicorn-14040.exe
2152	Unicorn-20004.exe
2148	Unicorn-37995.exe
2792	Unicorn-53719.exe
1728	Unicorn-13563.exe
2748	Unicorn-23468.exe
2824	Unicorn-9733.exe
2936	Unicorn-29599.exe
2708	Unicorn-29537.exe
1864	Unicorn-42535.exe
768	Unicorn-15697.exe
1088	Unicorn-11975.exe
2400	Unicorn-6184.exe
1216	Unicorn-6760.exe
2044	Unicorn-1415.exe
3040	Unicorn-6303.exe
1548	Unicorn-63175.exe
1276	Unicorn-24694.exe
1668	Unicorn-60896.exe
2056	Unicorn-21709.exe
1712	Unicorn-28224.exe
2268	Unicorn-41222.exe
1140	Unicorn-7562.exe
2040	Unicorn-5953.exe
1688	Unicorn-42155.exe
1632	Unicorn-6943.exe
1532	Unicorn-53914.exe
2840	Unicorn-13545.exe
2648	Unicorn-28258.exe
2020	Unicorn-5599.exe
2540	Unicorn-4137.exe
2596	Unicorn-25304.exe
2608	Unicorn-20282.exe
572	Unicorn-59897.exe
592	Unicorn-6441.exe
1796	Unicorn-6441.exe
3020	Unicorn-20939.exe
2568	Unicorn-52659.exe
2124	Unicorn-61589.exe
2884	Unicorn-50769.exe
1156	Unicorn-5097.exe
2948	Unicorn-26264.exe
3036	Unicorn-46130.exe
1736	Unicorn-15002.exe
2944	Unicorn-29301.exe
2412	Unicorn-20941.exe
2296	Unicorn-1075.exe
2996	Unicorn-63893.exe
468	Unicorn-22788.exe
1012	Unicorn-202.exe
432	Unicorn-23292.exe
2164	Unicorn-19762.exe
2364	Unicorn-15123.exe
1296	Unicorn-40012.exe
1484	Unicorn-33881.exe
108	Unicorn-27354.exe
1376	Unicorn-6187.exe
2452	Unicorn-18501.exe

Loads dropped DLL 64 IoCs

pid	Process
2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe
2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe
2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe
2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe
2684	Unicorn-22095.exe
2684	Unicorn-22095.exe
2692	Unicorn-36567.exe
2692	Unicorn-36567.exe
2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe
2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe
2836	Unicorn-48265.exe
2836	Unicorn-48265.exe
2684	Unicorn-22095.exe
2684	Unicorn-22095.exe
2588	Unicorn-10671.exe
2588	Unicorn-10671.exe
2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe
2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe
2560	Unicorn-5618.exe
2560	Unicorn-5618.exe
2816	Unicorn-14040.exe
2816	Unicorn-14040.exe
2684	Unicorn-22095.exe
2692	Unicorn-36567.exe
2684	Unicorn-22095.exe
2692	Unicorn-36567.exe
580	Unicorn-49666.exe
580	Unicorn-49666.exe
2892	WerFault.exe
2892	WerFault.exe
2892	WerFault.exe
2892	WerFault.exe
2892	WerFault.exe
2152	Unicorn-20004.exe
2152	Unicorn-20004.exe
2588	Unicorn-10671.exe
2588	Unicorn-10671.exe
2792	Unicorn-53719.exe
2792	Unicorn-53719.exe
2560	Unicorn-5618.exe
2560	Unicorn-5618.exe
2148	Unicorn-37995.exe
2148	Unicorn-37995.exe
2748	Unicorn-23468.exe
2748	Unicorn-23468.exe
2684	Unicorn-22095.exe
2936	Unicorn-29599.exe
2936	Unicorn-29599.exe
2684	Unicorn-22095.exe
2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe
2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe
580	Unicorn-49666.exe
580	Unicorn-49666.exe
2824	Unicorn-9733.exe
2824	Unicorn-9733.exe
2692	Unicorn-36567.exe
2692	Unicorn-36567.exe
1728	Unicorn-13563.exe
1728	Unicorn-13563.exe
2816	Unicorn-14040.exe
2816	Unicorn-14040.exe
2708	Unicorn-29537.exe
2708	Unicorn-29537.exe
2152	Unicorn-20004.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2892	2836	WerFault.exe	32
1852	1012	WerFault.exe	86
2468	2996	WerFault.exe	84
2500	2152	WerFault.exe	37
2576	2380	WerFault.exe	98
716	2880	WerFault.exe	134
2136	1756	WerFault.exe	108
3264	3068	WerFault.exe	102
3444	2124	WerFault.exe	74
3476	2368	WerFault.exe	161
3772	1796	WerFault.exe	72
3764	2268	WerFault.exe	58
3848	2740	WerFault.exe	126
3868	2436	WerFault.exe	112
3860	1684	WerFault.exe	124
3176	592	WerFault.exe	71
3900	2448	WerFault.exe	95
3904	2608	WerFault.exe	69
3888	1688	WerFault.exe	61
3980	2412	WerFault.exe	83
3944	2040	WerFault.exe	60
3940	1632	WerFault.exe	62
4048	1156	WerFault.exe	76
4080	108	WerFault.exe	92
3100	896	WerFault.exe	96
4020	2364	WerFault.exe	89
3116	572	WerFault.exe	70
4012	1876	WerFault.exe	123
3164	1228	WerFault.exe	137
3196	2212	WerFault.exe	130
3756	2936	WerFault.exe	44
3712	1752	WerFault.exe	113
3240	2524	WerFault.exe	145
4392	1216	WerFault.exe	50
4364	584	WerFault.exe	105
4440	2944	WerFault.exe	81
4420	2948	WerFault.exe	79
4404	2664	WerFault.exe	99
4348	2160	WerFault.exe	117
4512	2044	WerFault.exe	51
4504	768	WerFault.exe	47
4480	1160	WerFault.exe	106
4472	2516	WerFault.exe	110
4464	2648	WerFault.exe	65
4520	1712	WerFault.exe	57
4528	2804	WerFault.exe	100
4992	1528	WerFault.exe	125
4208	2572	WerFault.exe	127
4764	2240	WerFault.exe	144
5136	2420	WerFault.exe	115
5160	3028	WerFault.exe	97
5876	1736	WerFault.exe	80
5912	2108	WerFault.exe	104
5972	2452	WerFault.exe	94
5964	2800	WerFault.exe	133
5928	2752	WerFault.exe	109
5056	2540	WerFault.exe	67
6136	904	WerFault.exe	119
6128	1932	WerFault.exe	149
6120	2692	WerFault.exe	31
4956	2128	WerFault.exe	118
5152	1268	WerFault.exe	146
5216	2056	WerFault.exe	56
2324	1548	WerFault.exe	53

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63660.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5066.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53323.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55512.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11442.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19885.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46714.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6086.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41526.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3271.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31403.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25163.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16807.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe
2684	Unicorn-22095.exe
2692	Unicorn-36567.exe
2836	Unicorn-48265.exe
2588	Unicorn-10671.exe
2560	Unicorn-5618.exe
2816	Unicorn-14040.exe
580	Unicorn-49666.exe
2152	Unicorn-20004.exe
2792	Unicorn-53719.exe
2148	Unicorn-37995.exe
2748	Unicorn-23468.exe
2936	Unicorn-29599.exe
2824	Unicorn-9733.exe
1728	Unicorn-13563.exe
2708	Unicorn-29537.exe
1864	Unicorn-42535.exe
768	Unicorn-15697.exe
1088	Unicorn-11975.exe
2400	Unicorn-6184.exe
1216	Unicorn-6760.exe
2044	Unicorn-1415.exe
3040	Unicorn-6303.exe
1548	Unicorn-63175.exe
1276	Unicorn-24694.exe
1668	Unicorn-60896.exe
2056	Unicorn-21709.exe
1712	Unicorn-28224.exe
2268	Unicorn-41222.exe
1140	Unicorn-7562.exe
2040	Unicorn-5953.exe
1688	Unicorn-42155.exe
1632	Unicorn-6943.exe
1532	Unicorn-53914.exe
2840	Unicorn-13545.exe
2648	Unicorn-28258.exe
2020	Unicorn-5599.exe
2596	Unicorn-25304.exe
2540	Unicorn-4137.exe
2608	Unicorn-20282.exe
572	Unicorn-59897.exe
592	Unicorn-6441.exe
1796	Unicorn-6441.exe
3020	Unicorn-20939.exe
2568	Unicorn-52659.exe
2124	Unicorn-61589.exe
2884	Unicorn-50769.exe
1156	Unicorn-5097.exe
2948	Unicorn-26264.exe
3036	Unicorn-46130.exe
1736	Unicorn-15002.exe
2944	Unicorn-29301.exe
2296	Unicorn-1075.exe
2412	Unicorn-20941.exe
2996	Unicorn-63893.exe
468	Unicorn-22788.exe
1012	Unicorn-202.exe
2164	Unicorn-19762.exe
432	Unicorn-23292.exe
2364	Unicorn-15123.exe
1296	Unicorn-40012.exe
1484	Unicorn-33881.exe
108	Unicorn-27354.exe
1376	Unicorn-6187.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 2684	2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe	30
PID 2736 wrote to memory of 2684	2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe	30
PID 2736 wrote to memory of 2684	2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe	30
PID 2736 wrote to memory of 2684	2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe	30
PID 2736 wrote to memory of 2692	2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe	31
PID 2736 wrote to memory of 2692	2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe	31
PID 2736 wrote to memory of 2692	2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe	31
PID 2736 wrote to memory of 2692	2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe	31
PID 2684 wrote to memory of 2836	2684	Unicorn-22095.exe	32
PID 2684 wrote to memory of 2836	2684	Unicorn-22095.exe	32
PID 2684 wrote to memory of 2836	2684	Unicorn-22095.exe	32
PID 2684 wrote to memory of 2836	2684	Unicorn-22095.exe	32
PID 2692 wrote to memory of 2560	2692	Unicorn-36567.exe	33
PID 2692 wrote to memory of 2560	2692	Unicorn-36567.exe	33
PID 2692 wrote to memory of 2560	2692	Unicorn-36567.exe	33
PID 2692 wrote to memory of 2560	2692	Unicorn-36567.exe	33
PID 2736 wrote to memory of 2588	2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe	34
PID 2736 wrote to memory of 2588	2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe	34
PID 2736 wrote to memory of 2588	2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe	34
PID 2736 wrote to memory of 2588	2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe	34
PID 2836 wrote to memory of 580	2836	Unicorn-48265.exe	35
PID 2836 wrote to memory of 580	2836	Unicorn-48265.exe	35
PID 2836 wrote to memory of 580	2836	Unicorn-48265.exe	35
PID 2836 wrote to memory of 580	2836	Unicorn-48265.exe	35
PID 2684 wrote to memory of 2816	2684	Unicorn-22095.exe	36
PID 2684 wrote to memory of 2816	2684	Unicorn-22095.exe	36
PID 2684 wrote to memory of 2816	2684	Unicorn-22095.exe	36
PID 2684 wrote to memory of 2816	2684	Unicorn-22095.exe	36
PID 2588 wrote to memory of 2152	2588	Unicorn-10671.exe	37
PID 2588 wrote to memory of 2152	2588	Unicorn-10671.exe	37
PID 2588 wrote to memory of 2152	2588	Unicorn-10671.exe	37
PID 2588 wrote to memory of 2152	2588	Unicorn-10671.exe	37
PID 2736 wrote to memory of 2148	2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe	38
PID 2736 wrote to memory of 2148	2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe	38
PID 2736 wrote to memory of 2148	2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe	38
PID 2736 wrote to memory of 2148	2736	48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe	38
PID 2560 wrote to memory of 2792	2560	Unicorn-5618.exe	39
PID 2560 wrote to memory of 2792	2560	Unicorn-5618.exe	39
PID 2560 wrote to memory of 2792	2560	Unicorn-5618.exe	39
PID 2560 wrote to memory of 2792	2560	Unicorn-5618.exe	39
PID 2816 wrote to memory of 1728	2816	Unicorn-14040.exe	40
PID 2816 wrote to memory of 1728	2816	Unicorn-14040.exe	40
PID 2816 wrote to memory of 1728	2816	Unicorn-14040.exe	40
PID 2816 wrote to memory of 1728	2816	Unicorn-14040.exe	40
PID 2684 wrote to memory of 2748	2684	Unicorn-22095.exe	41
PID 2684 wrote to memory of 2748	2684	Unicorn-22095.exe	41
PID 2684 wrote to memory of 2748	2684	Unicorn-22095.exe	41
PID 2684 wrote to memory of 2748	2684	Unicorn-22095.exe	41
PID 2836 wrote to memory of 2892	2836	Unicorn-48265.exe	43
PID 2836 wrote to memory of 2892	2836	Unicorn-48265.exe	43
PID 2836 wrote to memory of 2892	2836	Unicorn-48265.exe	43
PID 2836 wrote to memory of 2892	2836	Unicorn-48265.exe	43
PID 2692 wrote to memory of 2824	2692	Unicorn-36567.exe	42
PID 2692 wrote to memory of 2824	2692	Unicorn-36567.exe	42
PID 2692 wrote to memory of 2824	2692	Unicorn-36567.exe	42
PID 2692 wrote to memory of 2824	2692	Unicorn-36567.exe	42
PID 580 wrote to memory of 2936	580	Unicorn-49666.exe	44
PID 580 wrote to memory of 2936	580	Unicorn-49666.exe	44
PID 580 wrote to memory of 2936	580	Unicorn-49666.exe	44
PID 580 wrote to memory of 2936	580	Unicorn-49666.exe	44
PID 2152 wrote to memory of 2708	2152	Unicorn-20004.exe	45
PID 2152 wrote to memory of 2708	2152	Unicorn-20004.exe	45
PID 2152 wrote to memory of 2708	2152	Unicorn-20004.exe	45
PID 2152 wrote to memory of 2708	2152	Unicorn-20004.exe	45

C:\Users\Admin\AppData\Local\Temp\48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe
"C:\Users\Admin\AppData\Local\Temp\48b3ab5cafab70645a76c211c8571a8124ae427ee1ff1c480bec4ecd8df55c63.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22095.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22095.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48265.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61589.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
        8⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19309.exe
        9⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44374.exe
        9⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 248
        9⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 248
        8⤵
        Program crash
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
        7⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53323.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47735.exe
        9⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 228
        8⤵
        Program crash
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        7⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 248
        7⤵
        Program crash
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50769.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        7⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        8⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
        8⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8229.exe
        8⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42318.exe
        8⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3271.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65366.exe
        7⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16704.exe
        7⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39354.exe
        7⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49563.exe
        7⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        6⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47302.exe
        7⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 228
        7⤵
        
        PID:6292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 248
        6⤵
        Program crash
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24694.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9130.exe
        8⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20461.exe
        8⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 220
        8⤵
        Program crash
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
        7⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50239.exe
        7⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18991.exe
        7⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
        7⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
        6⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 224
        7⤵
        Program crash
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22927.exe
        6⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        6⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41849.exe
        6⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        6⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25507.exe
        6⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15002.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45222.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
        7⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 228
        7⤵
        Program crash
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
        6⤵
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33620.exe
        6⤵
        
        PID:4452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 248
        6⤵
        Program crash
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19492.exe
        5⤵
        
        PID:1756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 224
        6⤵
        Program crash
        
        PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
        5⤵
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50080.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        5⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9191.exe
        5⤵
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
        5⤵
        
        PID:8172
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13563.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29301.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
        7⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3930.exe
        8⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 248
        8⤵
        Program crash
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
        7⤵
        
        PID:792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
        7⤵
        Program crash
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-935.exe
        6⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        7⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24406.exe
        8⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 248
        7⤵
        Program crash
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47961.exe
        6⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
        7⤵
        
        PID:8504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 248
        6⤵
        Program crash
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        6⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
        7⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 216
        7⤵
        Program crash
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44060.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34819.exe
        6⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21432.exe
        6⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13995.exe
        6⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26121.exe
        6⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
        6⤵
        
        PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-685.exe
        5⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22286.exe
        6⤵
        
        PID:3932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 216
        6⤵
        Program crash
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24548.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32595.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        5⤵
        
        PID:6660
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 248
        5⤵
        
        PID:7248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41222.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63893.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
        6⤵
        Program crash
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-982.exe
        5⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23194.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
        6⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        6⤵
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
        6⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
        6⤵
        
        PID:6836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
        5⤵
        Program crash
        
        PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-202.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1012
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 224
        5⤵
        Program crash
        
        PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
      4⤵
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
        5⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51836.exe
        6⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61727.exe
        6⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        5⤵
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
        5⤵
        
        PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41370.exe
        5⤵
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46422.exe
        5⤵
        
        PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        5⤵
        
        PID:9208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56479.exe
      4⤵
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
        5⤵
        
        PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18582.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1724.exe
        5⤵
        
        PID:9184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10712.exe
      4⤵
      PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-910.exe
      4⤵
      PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60365.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15501.exe
      4⤵
      PID:7276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
      4⤵
      PID:1980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6760.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20282.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16167.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
        7⤵
        Program crash
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3037.exe
        6⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        7⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
        7⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13822.exe
        7⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16771.exe
        7⤵
        
        PID:7848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 244
        6⤵
        Program crash
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3125.exe
        5⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8972
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 248
        6⤵
        Program crash
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16165.exe
        5⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62620.exe
        6⤵
        
        PID:7920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 248
        5⤵
        Program crash
        
        PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59897.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
        5⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16443.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23269.exe
        6⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
        6⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50035.exe
        6⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62958.exe
        6⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47925.exe
        6⤵
        
        PID:8204
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 248
        5⤵
        Program crash
        
        PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23020.exe
      4⤵
      PID:2368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 220
        5⤵
        Program crash
        
        PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32019.exe
      4⤵
      PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
      4⤵
      PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
      4⤵
      PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21656.exe
      4⤵
      PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58485.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6303.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6441.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49213.exe
        5⤵
        
        PID:2524
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 224
        6⤵
        Program crash
        
        PID:3240
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 216
        5⤵
        Program crash
        
        PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28771.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        5⤵
        
        PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        5⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe
        5⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        5⤵
        
        PID:8668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
      4⤵
      PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
      4⤵
      PID:4212
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 244
      4⤵
      PID:6076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52659.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52659.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46504.exe
      4⤵
      PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61302.exe
        5⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        5⤵
        
        PID:6008
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 228
        5⤵
        
        PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3328.exe
      4⤵
      PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10460.exe
      4⤵
      PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50514.exe
      4⤵
      PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
      4⤵
      PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
      4⤵
      PID:8076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18387.exe
      4⤵
      PID:7324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
    3⤵
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28627.exe
      4⤵
      PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19885.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4356
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
      4⤵
      Program crash
      PID:5964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
    3⤵
    PID:3200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
    3⤵
    PID:4492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe
    3⤵
    PID:5944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15370.exe
    3⤵
    PID:6904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51192.exe
    3⤵
    PID:7852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31803.exe
    3⤵
    PID:7120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53719.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15697.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6187.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
        8⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
        9⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 248
        9⤵
        Program crash
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35476.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6008.exe
        8⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48838.exe
        8⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 224
        8⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55388.exe
        7⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63266.exe
        8⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64893.exe
        8⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 224
        8⤵
        Program crash
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30057.exe
        7⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31832.exe
        7⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5066.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24268.exe
        7⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
        7⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-723.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18501.exe
        6⤵
        Executes dropped EXE
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50225.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32231.exe
        8⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-630.exe
        8⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20762.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
        7⤵
        Program crash
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5693.exe
        6⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57986.exe
        7⤵
        
        PID:7268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 248
        6⤵
        Program crash
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13545.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        6⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20848.exe
        7⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
        8⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
        9⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62730.exe
        9⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 224
        9⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 248
        8⤵
        Program crash
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58102.exe
        7⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58241.exe
        8⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54308.exe
        8⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        8⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48401.exe
        8⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 244
        7⤵
        Program crash
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58351.exe
        6⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 244
        7⤵
        Program crash
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40685.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12767.exe
        6⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
        6⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43187.exe
        6⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63821.exe
        6⤵
        
        PID:7892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        5⤵
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
        6⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63062.exe
        7⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
        7⤵
        
        PID:6612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 248
        6⤵
        Program crash
        
        PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46099.exe
        5⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43135.exe
        6⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20846.exe
        6⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        6⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6086.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        6⤵
        
        PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48353.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17669.exe
        5⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32312.exe
        5⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        5⤵
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8911.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42325.exe
        5⤵
        
        PID:9192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11975.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28258.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7806.exe
        6⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36328.exe
        7⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9937.exe
        8⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 248
        7⤵
        Program crash
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        6⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
        7⤵
        
        PID:7924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 244
        6⤵
        Program crash
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28397.exe
        5⤵
        
        PID:3068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 224
        6⤵
        Program crash
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46809.exe
        5⤵
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
        6⤵
        
        PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
        5⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        5⤵
        
        PID:5852
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 248
        5⤵
        
        PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27594.exe
        5⤵
        
        PID:276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2693.exe
        6⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30913.exe
        6⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        6⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
        6⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        6⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65001.exe
        5⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48838.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5512
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 244
        5⤵
        
        PID:6348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-131.exe
      4⤵
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40950.exe
        5⤵
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42672.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5804
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 224
        5⤵
        
        PID:6688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63132.exe
      4⤵
      PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
      4⤵
      PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40703.exe
      4⤵
      PID:912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
      4⤵
      PID:7000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28293.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11713.exe
      4⤵
      PID:8632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9733.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60896.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
        6⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32502.exe
        7⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 236
        7⤵
        
        PID:6592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 248
        6⤵
        Program crash
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
        5⤵
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
        6⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
        6⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33661.exe
        6⤵
        
        PID:7800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51153.exe
        5⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42870.exe
        5⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        5⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24834.exe
        5⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
        5⤵
        
        PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
        5⤵
        
        PID:9176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26264.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58159.exe
        5⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33889.exe
        6⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
        7⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        7⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60726.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46171.exe
        6⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        6⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
        6⤵
        
        PID:8152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
        5⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8144
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
        5⤵
        Program crash
        
        PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
      4⤵
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
        5⤵
        
        PID:4636
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 224
        5⤵
        Program crash
        
        PID:5912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34522.exe
      4⤵
      PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
      4⤵
      PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
      4⤵
      PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
      4⤵
      PID:6916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14526.exe
      4⤵
      PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16747.exe
      4⤵
      PID:7272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21709.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20941.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        5⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12238.exe
        6⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32009.exe
        7⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 236
        7⤵
        
        PID:6600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 216
        6⤵
        Program crash
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
        5⤵
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
        6⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        6⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27776.exe
        6⤵
        
        PID:8128
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 216
        6⤵
        
        PID:8000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 244
        5⤵
        Program crash
        
        PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42268.exe
      4⤵
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-692.exe
        5⤵
        
        PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
        5⤵
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe
        5⤵
        
        PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2008.exe
        5⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5188.exe
        5⤵
        
        PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
      4⤵
      PID:4948
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 244
      4⤵
      Program crash
      PID:5216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22788.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
      4⤵
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-173.exe
        5⤵
        
        PID:676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46200.exe
        6⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51971.exe
        6⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34920.exe
        6⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8336.exe
        5⤵
        
        PID:3284
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        5⤵
        Program crash
        
        PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
      4⤵
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25163.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        5⤵
        
        PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
      4⤵
      PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
      4⤵
      PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
      4⤵
      PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48845.exe
      4⤵
      PID:7388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55512.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
    3⤵
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
      4⤵
      PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
      4⤵
      PID:5032
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 244
      4⤵
      Program crash
      PID:4956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
    3⤵
    PID:3640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59830.exe
    3⤵
    PID:5092
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 248
    3⤵
    - Program crash
    PID:6120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63499.exe
        7⤵
        
        PID:1228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 224
        8⤵
        Program crash
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        7⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33672.exe
        7⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 236
        7⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38392.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17790.exe
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19128.exe
        7⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 224
        7⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        6⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        6⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        6⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60034.exe
        6⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32767.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21317.exe
        6⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64843.exe
        6⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63318.exe
        7⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27337.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42973.exe
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25370.exe
        7⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55890.exe
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        7⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
        6⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38494.exe
        6⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53140.exe
        6⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
        6⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
        6⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
        6⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49201.exe
        5⤵
        
        PID:1176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58300.exe
        6⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
        6⤵
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47275.exe
        6⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        6⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1370.exe
        6⤵
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55925.exe
        6⤵
        
        PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        5⤵
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        5⤵
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23637.exe
        5⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
        5⤵
        
        PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33628.exe
        5⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7513.exe
        5⤵
        
        PID:8656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
        6⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24526.exe
        7⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55652.exe
        7⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-352.exe
        7⤵
        
        PID:7176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 248
        6⤵
        Program crash
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        5⤵
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
        6⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        6⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        6⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63647.exe
        6⤵
        
        PID:7628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 244
        5⤵
        Program crash
        
        PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33881.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
        5⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2216.exe
        6⤵
        
        PID:5940
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 224
        6⤵
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52197.exe
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        5⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48838.exe
        5⤵
        
        PID:5584
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 244
        5⤵
        
        PID:6584
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 248
      4⤵
      Program crash
      PID:2500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42155.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40012.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5990.exe
        6⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
        7⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
        7⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29219.exe
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55124.exe
        7⤵
        
        PID:9060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        6⤵
        
        PID:5188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 248
        6⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61029.exe
        5⤵
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8890.exe
        6⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
        6⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57782.exe
        6⤵
        
        PID:7632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 244
        5⤵
        Program crash
        
        PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
        5⤵
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55522.exe
        6⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3060.exe
        6⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
        6⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60814.exe
        6⤵
        
        PID:8156
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 248
        5⤵
        Program crash
        
        PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16004.exe
      4⤵
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50011.exe
        5⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
        5⤵
        
        PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51321.exe
        5⤵
        
        PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33622.exe
        5⤵
        
        PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57018.exe
      4⤵
      PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34204.exe
      4⤵
      PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
      4⤵
      PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41900.exe
      4⤵
      PID:6788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41957.exe
      4⤵
      PID:7928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
      4⤵
      PID:9168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6943.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64791.exe
      4⤵
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15357.exe
        5⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46254.exe
        6⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
        6⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        6⤵
        
        PID:7264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50983.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        5⤵
        
        PID:3968
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
        5⤵
        Program crash
        
        PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
      4⤵
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        5⤵
        
        PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        5⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14968.exe
        5⤵
        
        PID:9076
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 244
      4⤵
      Program crash
      PID:3940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
    3⤵
    PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
      4⤵
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63925.exe
        5⤵
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
        5⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
        5⤵
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
        5⤵
        
        PID:6212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2749.exe
        5⤵
        
        PID:8056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
      4⤵
      PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
      4⤵
      PID:5268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65500.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51010.exe
      4⤵
      PID:7428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22253.exe
      4⤵
      PID:7900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
    3⤵
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
      4⤵
      PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19128.exe
      4⤵
      PID:5648
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 244
      4⤵
      PID:6708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17157.exe
    3⤵
    PID:3652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
    3⤵
    PID:4548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6705.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32493.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32493.exe
    3⤵
    PID:8048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
    3⤵
    PID:8640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42721.exe
        5⤵
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38378.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30165.exe
        6⤵
        
        PID:5004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 224
        6⤵
        Program crash
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27064.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
        5⤵
        
        PID:5076
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
        5⤵
        Program crash
        
        PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34038.exe
      4⤵
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65217.exe
        5⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60279.exe
        6⤵
        
        PID:7516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        6⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60741.exe
        5⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16793.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        5⤵
        
        PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38446.exe
        5⤵
        
        PID:7504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58511.exe
      4⤵
      PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
        5⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
        5⤵
        
        PID:7812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
      4⤵
      PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
      4⤵
      PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20970.exe
      4⤵
      PID:6816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11360.exe
      4⤵
      PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
      4⤵
      PID:8116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25304.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62155.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2212
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 244
        5⤵
        Program crash
        
        PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
      4⤵
      PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
      4⤵
      PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13731.exe
      4⤵
      PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40804.exe
      4⤵
      PID:6932
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 228
      4⤵
      PID:7464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25656.exe
    3⤵
    PID:2880
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 244
      4⤵
      Program crash
      PID:716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
    3⤵
    PID:932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31198.exe
      4⤵
      PID:7680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
      4⤵
      PID:7624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21191.exe
    3⤵
    PID:3508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
    3⤵
    PID:5300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
    3⤵
    PID:7284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46326.exe
    3⤵
    PID:7340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
    3⤵
    PID:8372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6441.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe
      4⤵
      PID:2740
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 224
        5⤵
        Program crash
        
        PID:3848
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
      4⤵
      Program crash
      PID:3772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
    3⤵
    PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51756.exe
      4⤵
      PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
      4⤵
      PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41115.exe
      4⤵
      PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
      4⤵
      PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
      4⤵
      PID:7588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
      4⤵
      PID:8220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30633.exe
    3⤵
    PID:4040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7327.exe
    3⤵
    PID:4800
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 244
    3⤵
    - Program crash
    PID:2324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20939.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20939.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49898.exe
    3⤵
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25766.exe
      4⤵
      PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
      4⤵
      PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16795.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
      4⤵
      PID:7300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19284.exe
      4⤵
      PID:940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26924.exe
    3⤵
    PID:3820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8208.exe
    3⤵
    PID:4628
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
    3⤵
    PID:5496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40813.exe
  2⤵
  PID:2240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
    3⤵
    PID:3212
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
    3⤵
    - Program crash
    PID:4764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-907.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-907.exe
  2⤵
  PID:2360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
  2⤵
  PID:4904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48706.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48706.exe
  2⤵
  PID:7044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
  2⤵
  PID:8020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:8624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17669.exe

Filesize
468KB

MD5
c6786b619bd18c669ca915ee4a72dbfe

SHA1
7d0a83996a4018a6f5db224951d993e98ddba5a8

SHA256
54cfa60ab2821155d975d110fdf6191ec992a9c3defa4492fdb8c8e9dec93efb

SHA512
adb461a0ba4f0f858a2a5d5ee3fa92ca7016a68b211f3c62a916a0b964096c1c26dab1622548298bdbcb945f2cb21ada8292e8bd79f4efaadab24c74f4801841

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe

Filesize
468KB

MD5
c90643d58af85659a4eddf93ccdd88b3

SHA1
d4a4b808bd72ee931ebb5f9bdca74ca368ee170e

SHA256
09bb0b07fc01776178715277e8d45b8b7b94b661feed200ac1f09e3bc01176b2

SHA512
20732dcd9d6615dbf6b0256cc10e0ad71cdc98c1572fc678a0c9908161bf2e8f1455a0d17c6d47d5b5c8e80d1ea6825f230a98082539944e4973e6f7beab9dbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe

Filesize
468KB

MD5
e54b66017bea3cc96ba0c5fe1af155bf

SHA1
3b986f312e4f2a09937b2204e2960c5abf936634

SHA256
36c5ea16fec0587355c28fc0ae4835b7cdd23c1611adfe78e129f79e4fa8d234

SHA512
ecc9afd66f02bd4e172b140da657c4b666d20b73437216885d79b48d763be32e7b55832e810f46454b37de67b4e41d0b18b04bbe16db6f0069343dd408df2c4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe

Filesize
468KB

MD5
7238d8114d7f3e2e946a4d76e3935a79

SHA1
7d70029937350b772f98796b0d48ff7572bd280c

SHA256
7a05030b4f70b80f25173febc4b54cdd83b7573bb59d7d4676717fb01ed5a86b

SHA512
7ba9e64f06534cd2d11a5962c182d1e0c11128554d52a94a73a1a63ff5b418216b3eba2154e7a9b8793280cdc121177530e05754bbb23f49de7a1a52c3a08bd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53719.exe

Filesize
468KB

MD5
f23a418605953b4c5285eee17c19fb5a

SHA1
a6553ec92f6f29cdbfec53af57803449c1f61a18

SHA256
53b7e2efc4a04827dbc6bbdc089204df577716110dae112622962864b5b5d439

SHA512
6fcbdc3668c3127549f982da724d2c9fa8a2481bdd7e2118526af30d182febd3eef67f7e270f2f0b9874a6aa5fea53702ed9d292c569b00b7a609c09b7e06483

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe

Filesize
468KB

MD5
1e36eb54fcb374b89b1bfafef9e5a92c

SHA1
3662f906df0a8dbe3bb3e80ca9ef6fad7b6123ea

SHA256
c77ff703f009d877b105b85f4799abc4ecc03a5663a0c658b1ca56c181b18a0d

SHA512
2eab05df1b548a9910a9a22945ca7ef4549633d0039d5069b58ed069f69cd06ffe6b6a31414c9cd157991625bfb669e0bc91691dc02261c8849a566cee8aff15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe

Filesize
468KB

MD5
b285cae8b22ad0a953242a4969c903b6

SHA1
f46acb2a79b7ffbd9b506d5889bc998b72ee9efa

SHA256
fc78c2dc85ccbe5551a901658da8b5d798b67f72437a67adc4a731fff501f9a7

SHA512
c00c8e55bbe19a92d4753fd964054a301afa67c075b807934e8c3faff19605b99a81e0ff2f2ee523ea32561435ea41976732451147e2f12ca64885d8135d6260

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63318.exe

Filesize
468KB

MD5
296d1badc9a5e5e7f56a5d5436fdb4d6

SHA1
ff618baa12728fbbd8f480ca2303198488946648

SHA256
bc9348b726e09df1c9f2adb973bb2078cb0800d628e3e148241d1752a9d8f712

SHA512
57a85b01aefe282eb569cfbd38d34c1076078fce3fedb9c0aec3d01324eb4d45bf093cbe06760833d701f0b887e88d3600956240488c8d8e2af73dbed8dd4c4f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe

Filesize
468KB

MD5
92607ea7c2f9cfdecd73f99d44a62096

SHA1
fe95111a2259e35d66b00c8c3b4c812c510a4c82

SHA256
3310262fbcf340d3e9c87544d01211249750eb513c04619e7bbe2fb1ba80c4eb

SHA512
215e29c4eca377dcde4c7a0addbb47abd63ca6264895b74fade88eeb98866feaa409c9b76f9885ed7b4ae049933b4c728514a9e1829cdf811af52289e030793f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13563.exe

Filesize
468KB

MD5
d82b08b7ea58503510a3c5c693bfe7ea

SHA1
2e6ddebc110056da6833865221d026c9da89a685

SHA256
4bf0757ab97fb48f74673d09659fa7b5781f6165fb28822087ae074f24efea26

SHA512
a7c29c7f11560ee838481b8aa44df1de114ecc8590e38e9014e017c24145d8129c17a6e6b6f054ed4a20d3970bc8b177d74c4bb671a7c29a58c569abfe9477d0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe

Filesize
468KB

MD5
bbeb670c4f75f8964414607ce40a3fe2

SHA1
4cfa56dff9cd8be883348c768a6f04f84a11953c

SHA256
ca945a356afccb096403d2b58fc9a945553fb6fdd09abfe68505a6aa197ed0a2

SHA512
bc41a41f622d6f3fd4dec4d6ed61b5196e01581a13b39add47ea464e09736c7493c28e265bb18731de74204e59367286b0ab816eb7f9589030fe2bbb2640ae42

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15697.exe

Filesize
468KB

MD5
b503977e9ba8d3bf61887e3f84e58548

SHA1
8897c2ce4800386d1fdf546c33ba073e29382888

SHA256
b90bd03b93216e0780778c1749f1e53a781f1c3a98f7ff95d4b41e93e876567a

SHA512
9a95e923a2a3cd911d80c04c18102027eabce11bcb62a10e871b805d787ce776d175be09319b82ccbf55dbc8a9f3393127c475b2ac14875a46fb281d9f491c6c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe

Filesize
468KB

MD5
4ba6f6462a671415124563cde2365dd1

SHA1
d5e68aba5748a2a22c37c91c4d6dcde3d0849f5c

SHA256
77695926ab243b86a4a0581c0ed102c075ff562d44adf6b0a96e71069edd3167

SHA512
04220acfb037ab771058c6e7537d802fd9eda54eb7d5acfb02c82ce1c4c26f4a0b7a79ea150a89b1463910b892a033fe431e249b9b7efa3a8b39c71e8721f88c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22095.exe

Filesize
468KB

MD5
b2422b7ca982700b95e48a9a06ac298a

SHA1
c6cbf54c3ab5c57ecd8ba7ed7a91df095300d352

SHA256
da2182db2f879d98586e71211ca90fcb65547258edca379dff95bc9da2af81cc

SHA512
b1855ccbd7a8db948f366a6b5e47a2f46aaf5a46e31f14b9b6aa3f3d2374b2f480758f82f58d8fbec21e8681225e1c77dba234eaff45896b88164517f69d1a7f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe

Filesize
468KB

MD5
6295f5480a7cdeab7b2c9a761fa15c02

SHA1
2b3a17cff8be4a69bf1ba1492803db69210f2ac7

SHA256
1790cc7a936a1325151b058ed49fdf7a1e75578246f99b010c1316b202669a52

SHA512
ae5c7985062fe6f8df8f87124663212ad2f1a5346a8f5780b43aee1043f8d25016e6647f96dfb18b4357c8c6e9db1996149dd9edb92aea7d189cd2520e9dc8f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe

Filesize
468KB

MD5
4f8056d70b7331901d805e1427540df4

SHA1
4fae67b73e4a42903ef32c8273b4454a07498407

SHA256
8e8875ea3486591573ea91efab822a2832d809a8b5937aaee4aa7373221bb38e

SHA512
4dff232d65e73e30b02a6323efea1ca2df229014f5a3447d4dd397dd802161b57fb58478d17c57a647ca18a23b2a539b3846550fab36926c39f5be857e28bb4b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe

Filesize
468KB

MD5
8f99257b3cea949e737dbb2347e463b8

SHA1
f08500618a260c9f05f4d293597aee343aac4895

SHA256
7111ebdf5b042bb583dafb60f1c438a1acf31a14aa3fb9a328b2c14fe4a98e58

SHA512
0360bf911f7e7adb666797a79ed68457d094b2a80d401a567587c32021492557fce9f92952aa757b8ee65826aa0ba839c91e2a4b6b3b04f6296ec6cf8d2e4bb3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe

Filesize
468KB

MD5
2109114c91ea53ef01af7a502e6b457c

SHA1
e4da1c39aab270736c2661c404ef99d98a33ae2e

SHA256
10aa9b02212e270785a0fa2990d04478fc2841668a4ac4cd1a16775b09dd1701

SHA512
2e943ee5ddfcf547e60c1f68608657ea04c17a70b942b6dfceb21b354df2fb0cb093e6f72ad545c0723506040f25211de2b7423de8203ea28e61f64fc2b0acfd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48265.exe

Filesize
468KB

MD5
35b5701b5adb390bda7749fb81e21a49

SHA1
54f8572c53852769d43ae25deb37cd7035219e86

SHA256
774fa540af8c1f9d5b3982b0c83fecbc052091cd6be8506d985a59848f9f31f2

SHA512
663fc6741f76794372407e5aa994329e866d3ffa760cbc1c6fe0b6b46d16643b518341562577ac713f0f360a4796c0312659208cf9150f62bdaa491681c1e2f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe

Filesize
468KB

MD5
0632a7ee7173c299ecb3b0e90e9c9c50

SHA1
1bfa05552111aac1525a761950745c1f73b42644

SHA256
d12736b7e933ddd774e30d3d256b564eb81a3afbd5643292e4b875156303707f

SHA512
53c0d142e4b0496c25df78a1e1c8ff4849bb9ed540edc501b17a8b6c827835ccc63d86c3206f377c5849780ec106f687576ac7156794908b0ba0dd8cdb790bdd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe

Filesize
468KB

MD5
d1886fe413c9f19978c3ea7db7f99daf

SHA1
438c5540727293f8d475582f59c0b00442f254c9

SHA256
54772e63c3ff3f78f74c1a498a75d1bd4bad1d390176dc1fe495516d649e1d8d

SHA512
7334ba97e22866f902e106346c6dceeaf71e16f91eee5eb0cbf6625a2c14150f6d64d2adf293deb7f0e2a67a4b656cdab8c9937ed47071aa8624f40d153c6bed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9733.exe

Filesize
468KB

MD5
f8ba7a597ee47ea15e5fb67a864bbb17

SHA1
0907c6337ed8945431fd399260d61844db07756b

SHA256
89df121e81b858e74c25f96acceede326ac5427b627e8ca9d575ab122e379129

SHA512
612616796e0179b5fb3f24e3a6be4927dab3c13dd5d3d33ee7e6b470934ca33a12ac2e0bed64b601f6cc54a530b27dca6d47f9d472312b5b70ce7ad88e01941f

Download Submit