d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323

Analysis

max time kernel
147s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2024, 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe
Size

468KB
MD5

0e618c736587a3b543a84d8efacc0ed6
SHA1

3150553809b1b0f2b41528e11017cf7ced8968a3
SHA256

d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323
SHA512

b61b7faa4acff774ec615970487cab769fb97295daa0c14f4aa6ea39be6cb7b38def69d3f79582cdee31141ba30cacf44ef1926ecc2db5da7d2961144eee992c
SSDEEP

3072:mrz7ogExjz8YFbYWPz3yqf8/Eptj7ApgPmHx+lO0E9E0AxI1SDl0:mrfoXAYF1PDyqf/8taE9NUI1S

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1696	Unicorn-10302.exe
4488	Unicorn-4542.exe
396	Unicorn-17541.exe
956	Unicorn-45103.exe
3152	Unicorn-58486.exe
3052	Unicorn-12814.exe
1700	Unicorn-64053.exe
4664	Unicorn-14454.exe
3984	Unicorn-47319.exe
1516	Unicorn-6094.exe
3160	Unicorn-55030.exe
5012	Unicorn-55295.exe
112	Unicorn-27261.exe
492	Unicorn-2757.exe
3940	Unicorn-49741.exe
1440	Unicorn-17439.exe
2980	Unicorn-8694.exe
2792	Unicorn-46006.exe
3240	Unicorn-32436.exe
4428	Unicorn-41367.exe
4032	Unicorn-2446.exe
2472	Unicorn-45709.exe
1088	Unicorn-31973.exe
3744	Unicorn-26375.exe
3092	Unicorn-9654.exe
2064	Unicorn-18015.exe
4400	Unicorn-55902.exe
4076	Unicorn-10230.exe
1856	Unicorn-24678.exe
1404	Unicorn-18812.exe
3516	Unicorn-5077.exe
4392	Unicorn-10142.exe
3080	Unicorn-47262.exe
1580	Unicorn-27631.exe
4540	Unicorn-6997.exe
2020	Unicorn-34751.exe
1312	Unicorn-50895.exe
3264	Unicorn-45341.exe
4452	Unicorn-39581.exe
1744	Unicorn-58295.exe
984	Unicorn-58295.exe
2432	Unicorn-5560.exe
3896	Unicorn-50547.exe
5064	Unicorn-5460.exe
5080	Unicorn-11590.exe
2440	Unicorn-11590.exe
3412	Unicorn-35519.exe
3028	Unicorn-27086.exe
1328	Unicorn-27159.exe
3860	Unicorn-27735.exe
4160	Unicorn-27735.exe
3024	Unicorn-27543.exe
3604	Unicorn-11206.exe
1968	Unicorn-21295.exe
5008	Unicorn-61366.exe
1028	Unicorn-54543.exe
4420	Unicorn-18341.exe
3348	Unicorn-21871.exe
3144	Unicorn-42653.exe
3888	Unicorn-40053.exe
4380	Unicorn-23716.exe
4896	Unicorn-46183.exe
4000	Unicorn-20916.exe
3836	Unicorn-6420.exe

Program crash 24 IoCs

pid	pid_target	Process	procid_target
5516	2472	WerFault.exe	117
5484	2980	WerFault.exe	112
3612	3744	WerFault.exe	119
7424	4076	WerFault.exe	123
7504	5064	WerFault.exe	139
5648	1440	WerFault.exe	281
8712	4896	WerFault.exe	157
8720	3080	WerFault.exe	128
7448	5368	WerFault.exe	176
3872	5152	WerFault.exe	201
11044	3896	WerFault.exe	138
11036	1020	WerFault.exe	225
11984	6396	WerFault.exe	239
11292	7220	WerFault.exe	347
6288	5312	WerFault.exe	175
11448	4664	WerFault.exe	103
13736	4452	WerFault.exe	134
13908	3144	WerFault.exe	154
14832	5672	WerFault.exe	211
14432	5708	WerFault.exe	186
9688	8792	WerFault.exe	364
16148	6820	WerFault.exe	273
744	5752	WerFault.exe	187
2408	7112	WerFault.exe	251

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5541.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17001.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53574.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29866.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36135.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21871.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25401.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45709.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42693.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59829.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4272	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe
1696	Unicorn-10302.exe
4488	Unicorn-4542.exe
396	Unicorn-17541.exe
956	Unicorn-45103.exe
1700	Unicorn-64053.exe
3052	Unicorn-12814.exe
3152	Unicorn-58486.exe
4664	Unicorn-14454.exe
1516	Unicorn-6094.exe
3160	Unicorn-55030.exe
492	Unicorn-2757.exe
5012	Unicorn-55295.exe
3984	Unicorn-47319.exe
3940	Unicorn-49741.exe
112	Unicorn-27261.exe
1440	Unicorn-17439.exe
2980	Unicorn-8694.exe
3240	Unicorn-32436.exe
2792	Unicorn-46006.exe
4032	Unicorn-2446.exe
4428	Unicorn-41367.exe
2472	Unicorn-45709.exe
2064	Unicorn-18015.exe
1088	Unicorn-31973.exe
3092	Unicorn-9654.exe
3744	Unicorn-26375.exe
4076	Unicorn-10230.exe
1856	Unicorn-24678.exe
4400	Unicorn-55902.exe
3516	Unicorn-5077.exe
1404	Unicorn-18812.exe
4392	Unicorn-10142.exe
3080	Unicorn-47262.exe
1580	Unicorn-27631.exe
4540	Unicorn-6997.exe
2020	Unicorn-34751.exe
1312	Unicorn-50895.exe
3264	Unicorn-45341.exe
1744	Unicorn-58295.exe
984	Unicorn-58295.exe
2432	Unicorn-5560.exe
5064	Unicorn-5460.exe
3896	Unicorn-50547.exe
5080	Unicorn-11590.exe
2440	Unicorn-11590.exe
3028	Unicorn-27086.exe
4160	Unicorn-27735.exe
1968	Unicorn-21295.exe
3860	Unicorn-27735.exe
1328	Unicorn-27159.exe
3024	Unicorn-27543.exe
3604	Unicorn-11206.exe
3412	Unicorn-35519.exe
5008	Unicorn-61366.exe
4380	Unicorn-23716.exe
4420	Unicorn-18341.exe
4496	Unicorn-12285.exe
3888	Unicorn-40053.exe
3348	Unicorn-21871.exe
4896	Unicorn-46183.exe
3144	Unicorn-42653.exe
1028	Unicorn-54543.exe
3552	Unicorn-9021.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4272 wrote to memory of 1696	4272	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	91
PID 4272 wrote to memory of 1696	4272	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	91
PID 4272 wrote to memory of 1696	4272	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	91
PID 1696 wrote to memory of 4488	1696	Unicorn-10302.exe	94
PID 1696 wrote to memory of 4488	1696	Unicorn-10302.exe	94
PID 1696 wrote to memory of 4488	1696	Unicorn-10302.exe	94
PID 4272 wrote to memory of 396	4272	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	95
PID 4272 wrote to memory of 396	4272	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	95
PID 4272 wrote to memory of 396	4272	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	95
PID 4488 wrote to memory of 956	4488	Unicorn-4542.exe	99
PID 4488 wrote to memory of 956	4488	Unicorn-4542.exe	99
PID 4488 wrote to memory of 956	4488	Unicorn-4542.exe	99
PID 1696 wrote to memory of 3152	1696	Unicorn-10302.exe	101
PID 1696 wrote to memory of 3152	1696	Unicorn-10302.exe	101
PID 1696 wrote to memory of 3152	1696	Unicorn-10302.exe	101
PID 396 wrote to memory of 3052	396	Unicorn-17541.exe	100
PID 396 wrote to memory of 3052	396	Unicorn-17541.exe	100
PID 396 wrote to memory of 3052	396	Unicorn-17541.exe	100
PID 4272 wrote to memory of 1700	4272	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	102
PID 4272 wrote to memory of 1700	4272	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	102
PID 4272 wrote to memory of 1700	4272	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	102
PID 1700 wrote to memory of 4664	1700	Unicorn-64053.exe	103
PID 1700 wrote to memory of 4664	1700	Unicorn-64053.exe	103
PID 1700 wrote to memory of 4664	1700	Unicorn-64053.exe	103
PID 956 wrote to memory of 3984	956	Unicorn-45103.exe	104
PID 956 wrote to memory of 3984	956	Unicorn-45103.exe	104
PID 956 wrote to memory of 3984	956	Unicorn-45103.exe	104
PID 3052 wrote to memory of 1516	3052	Unicorn-12814.exe	105
PID 3052 wrote to memory of 1516	3052	Unicorn-12814.exe	105
PID 3052 wrote to memory of 1516	3052	Unicorn-12814.exe	105
PID 4272 wrote to memory of 3160	4272	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	106
PID 4272 wrote to memory of 3160	4272	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	106
PID 4272 wrote to memory of 3160	4272	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	106
PID 3152 wrote to memory of 5012	3152	Unicorn-58486.exe	107
PID 3152 wrote to memory of 5012	3152	Unicorn-58486.exe	107
PID 3152 wrote to memory of 5012	3152	Unicorn-58486.exe	107
PID 396 wrote to memory of 112	396	Unicorn-17541.exe	108
PID 396 wrote to memory of 112	396	Unicorn-17541.exe	108
PID 396 wrote to memory of 112	396	Unicorn-17541.exe	108
PID 4488 wrote to memory of 492	4488	Unicorn-4542.exe	109
PID 4488 wrote to memory of 492	4488	Unicorn-4542.exe	109
PID 4488 wrote to memory of 492	4488	Unicorn-4542.exe	109
PID 1696 wrote to memory of 3940	1696	Unicorn-10302.exe	110
PID 1696 wrote to memory of 3940	1696	Unicorn-10302.exe	110
PID 1696 wrote to memory of 3940	1696	Unicorn-10302.exe	110
PID 4664 wrote to memory of 1440	4664	Unicorn-14454.exe	111
PID 4664 wrote to memory of 1440	4664	Unicorn-14454.exe	111
PID 4664 wrote to memory of 1440	4664	Unicorn-14454.exe	111
PID 3160 wrote to memory of 2980	3160	Unicorn-55030.exe	112
PID 3160 wrote to memory of 2980	3160	Unicorn-55030.exe	112
PID 3160 wrote to memory of 2980	3160	Unicorn-55030.exe	112
PID 1700 wrote to memory of 2792	1700	Unicorn-64053.exe	113
PID 1700 wrote to memory of 2792	1700	Unicorn-64053.exe	113
PID 1700 wrote to memory of 2792	1700	Unicorn-64053.exe	113
PID 4272 wrote to memory of 3240	4272	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	114
PID 4272 wrote to memory of 3240	4272	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	114
PID 4272 wrote to memory of 3240	4272	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	114
PID 1516 wrote to memory of 4428	1516	Unicorn-6094.exe	115
PID 1516 wrote to memory of 4428	1516	Unicorn-6094.exe	115
PID 1516 wrote to memory of 4428	1516	Unicorn-6094.exe	115
PID 492 wrote to memory of 4032	492	Unicorn-2757.exe	116
PID 492 wrote to memory of 4032	492	Unicorn-2757.exe	116
PID 492 wrote to memory of 4032	492	Unicorn-2757.exe	116
PID 4488 wrote to memory of 2472	4488	Unicorn-4542.exe	117

C:\Users\Admin\AppData\Local\Temp\d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe
"C:\Users\Admin\AppData\Local\Temp\d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10302.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10302.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18015.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21871.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7566.exe
        8⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        9⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12806.exe
        10⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        10⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31817.exe
        10⤵
        
        PID:15976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11065.exe
        10⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
        8⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25687.exe
        9⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
        9⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
        9⤵
        
        PID:15480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35685.exe
        8⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        8⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        8⤵
        
        PID:14528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46819.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54583.exe
        8⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        9⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3284.exe
        7⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64047.exe
        8⤵
        
        PID:13156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12218.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:13404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        7⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31660.exe
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13530.exe
        7⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35132.exe
        7⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
        7⤵
        
        PID:10888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
        7⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36223.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        9⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
        9⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        9⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe
        8⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
        8⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
        8⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15664.exe
        8⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4358.exe
        8⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        8⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45762.exe
        8⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8761.exe
        8⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50781.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        7⤵
        
        PID:14536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12012.exe
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35751.exe
        7⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37725.exe
        7⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25732.exe
        7⤵
        
        PID:12996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26635.exe
        7⤵
        
        PID:15372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
        6⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
        7⤵
        
        PID:12016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        7⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
        6⤵
        
        PID:10464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5141.exe
        6⤵
        
        PID:12160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15603.exe
        6⤵
        
        PID:14896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27159.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        7⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        8⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34847.exe
        9⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15690.exe
        9⤵
        
        PID:16276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        9⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34421.exe
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22511.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62334.exe
        8⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10477.exe
        6⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        7⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
        8⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4138.exe
        8⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        7⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
        7⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        7⤵
        
        PID:15352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2604.exe
        6⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
        7⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25229.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        7⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52203.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
        7⤵
        
        PID:10948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32998.exe
        6⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62989.exe
        6⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40053.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16607.exe
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
        7⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        7⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38922.exe
        7⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33634.exe
        7⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
        6⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 636
        7⤵
        Program crash
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe
        6⤵
        
        PID:10424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
        6⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15073.exe
        6⤵
        
        PID:14880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4421.exe
        5⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        6⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
        7⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
        7⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        6⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33441.exe
        6⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10676.exe
        5⤵
        
        PID:8996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        6⤵
        
        PID:15384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe
        5⤵
        
        PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
        5⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55401.exe
        5⤵
        
        PID:16160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        5⤵
        
        PID:10816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2757.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        8⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55332.exe
        9⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
        8⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38731.exe
        8⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1453.exe
        7⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        8⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
        9⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        8⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
        8⤵
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        8⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        7⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
        7⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33725.exe
        6⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-966.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57326.exe
        7⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        7⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
        7⤵
        
        PID:15684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25752.exe
        7⤵
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        6⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59975.exe
        7⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14194.exe
        8⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16485.exe
        7⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6028.exe
        7⤵
        
        PID:14072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        7⤵
        
        PID:16356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 672
        7⤵
        Program crash
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41838.exe
        6⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27420.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43293.exe
        6⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
        5⤵
        Executes dropped EXE
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4198.exe
        6⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49471.exe
        7⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 640
        8⤵
        Program crash
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47110.exe
        7⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
        8⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35466.exe
        8⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        7⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        7⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        7⤵
        
        PID:14344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42381.exe
        6⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15006.exe
        7⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52054.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        7⤵
        
        PID:14652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13668.exe
        6⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 748
        6⤵
        Program crash
        
        PID:13736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
        5⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29695.exe
        6⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37045.exe
        6⤵
        
        PID:9864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 668
        6⤵
        Program crash
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12994.exe
        5⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60551.exe
        6⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6693.exe
        6⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        6⤵
        
        PID:14156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51819.exe
        6⤵
        
        PID:16192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49105.exe
        6⤵
        
        PID:10380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17220.exe
        5⤵
        
        PID:8200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64727.exe
        6⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7610.exe
        6⤵
        
        PID:15584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10885.exe
        5⤵
        
        PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60359.exe
        5⤵
        
        PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29937.exe
        5⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55825.exe
        5⤵
        
        PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2472
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 732
        5⤵
        Program crash
        
        PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57754.exe
      4⤵
      PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25751.exe
        5⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50724.exe
        6⤵
        
        PID:14416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
      4⤵
      PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2078.exe
      4⤵
      PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38804.exe
        5⤵
        
        PID:14436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23090.exe
        5⤵
        
        PID:11628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
        5⤵
        
        PID:16192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
      4⤵
      PID:13616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20826.exe
      4⤵
      PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
      4⤵
      PID:9112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58486.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27735.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14894.exe
        8⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
        9⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        9⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8064.exe
        9⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        8⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25628.exe
        8⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33443.exe
        8⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1557.exe
        7⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
        8⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
        8⤵
        
        PID:5116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 748
        6⤵
        Program crash
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58222.exe
        5⤵
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31495.exe
        6⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37045.exe
        7⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
        7⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 636
        7⤵
        Program crash
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29901.exe
        6⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22895.exe
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        7⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34340.exe
        6⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        6⤵
        
        PID:11836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        6⤵
        
        PID:14544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60554.exe
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        6⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52807.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        7⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
        6⤵
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        6⤵
        
        PID:13212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
        6⤵
        
        PID:16120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16240.exe
        6⤵
        
        PID:10556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9149.exe
        5⤵
        
        PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7140.exe
        5⤵
        
        PID:10236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15125.exe
        5⤵
        
        PID:8960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
        6⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        7⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55391.exe
        8⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35466.exe
        8⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        7⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34460.exe
        7⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 624
        7⤵
        Program crash
        
        PID:14432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        6⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22999.exe
        7⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24877.exe
        7⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36145.exe
        7⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48941.exe
        6⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
        6⤵
        
        PID:9376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58589.exe
        6⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44770.exe
        6⤵
        
        PID:15952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
        6⤵
        
        PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60919.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        7⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        7⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
        7⤵
        
        PID:16104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
        7⤵
        
        PID:10564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25509.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
        6⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6517.exe
        6⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
        6⤵
        
        PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
        5⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6190.exe
        6⤵
        
        PID:10012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        6⤵
        
        PID:14516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        5⤵
        
        PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37908.exe
        5⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12762.exe
        5⤵
        
        PID:14188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48483.exe
        5⤵
        
        PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6420.exe
      4⤵
      Executes dropped EXE
      PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18231.exe
        5⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
        6⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34460.exe
        6⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52782.exe
        5⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        5⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        5⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        5⤵
        
        PID:14092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4613.exe
      4⤵
      PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
        5⤵
        
        PID:8792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 712
        6⤵
        Program crash
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31181.exe
        5⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58597.exe
        5⤵
        
        PID:13036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2130.exe
        5⤵
        
        PID:6544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10868.exe
      4⤵
      PID:8936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32026.exe
        5⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
        5⤵
        
        PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
      4⤵
      PID:11008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
      4⤵
      PID:10980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55088.exe
      4⤵
      PID:7888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9654.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        6⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        7⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1749.exe
        6⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14726.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        7⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63557.exe
        6⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        7⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6841.exe
        7⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46574.exe
        6⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12769.exe
        6⤵
        
        PID:14064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37929.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18645.exe
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
        6⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53175.exe
        7⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35541.exe
        7⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33528.exe
        7⤵
        
        PID:8228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15333.exe
        6⤵
        
        PID:10608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45333.exe
        6⤵
        
        PID:13384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        6⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
        6⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        5⤵
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        6⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        6⤵
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
        6⤵
        
        PID:16288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
        6⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
        5⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7732.exe
        5⤵
        
        PID:10204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13530.exe
        5⤵
        
        PID:14628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42653.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15333.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        6⤵
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
        6⤵
        
        PID:15996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59769.exe
        6⤵
        
        PID:10408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58070.exe
        5⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2262.exe
        6⤵
        
        PID:13440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48747.exe
        6⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62185.exe
        6⤵
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29068.exe
        5⤵
        
        PID:10004
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 640
        5⤵
        Program crash
        
        PID:13908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63045.exe
      4⤵
      PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
        5⤵
        
        PID:9024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63870.exe
        5⤵
        
        PID:10420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
        5⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21434.exe
        5⤵
        
        PID:13932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
        5⤵
        
        PID:9648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5822.exe
        5⤵
        
        PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35588.exe
      4⤵
      PID:9196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
      4⤵
      PID:14040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59636.exe
      4⤵
      PID:15616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
      4⤵
      PID:9516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24678.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11206.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64831.exe
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        6⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-206.exe
        6⤵
        
        PID:10048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52054.exe
        6⤵
        
        PID:11816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        6⤵
        
        PID:14668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
      4⤵
      PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        5⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60471.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        6⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
        5⤵
        
        PID:10340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
        5⤵
        
        PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
        5⤵
        
        PID:11844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17669.exe
        5⤵
        
        PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
      4⤵
      PID:8576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
      4⤵
      PID:12284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13530.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20916.exe
    3⤵
    - Executes dropped EXE
    PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39471.exe
      4⤵
      PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-966.exe
        5⤵
        
        PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58597.exe
        5⤵
        
        PID:13064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2130.exe
        5⤵
        
        PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
      4⤵
      PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7610.exe
        5⤵
        
        PID:15492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50781.exe
      4⤵
      PID:9860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
      4⤵
      PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
      4⤵
      PID:14684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
    3⤵
    PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19119.exe
      4⤵
      PID:7488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
      4⤵
      PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
      4⤵
      PID:12312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
      4⤵
      PID:14964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
    3⤵
    PID:6748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51676.exe
    3⤵
    PID:10352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54333.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54333.exe
    3⤵
    PID:4632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
    3⤵
    PID:14568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17541.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17541.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12814.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6094.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58295.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        7⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
        8⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16485.exe
        9⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55421.exe
        9⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
        9⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
        9⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 748
        8⤵
        Program crash
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44406.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        8⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
        8⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61802.exe
        8⤵
        
        PID:15660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
        7⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        7⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38583.exe
        8⤵
        
        PID:12964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46131.exe
        8⤵
        
        PID:14796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        7⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
        6⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16295.exe
        7⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30194.exe
        7⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
        6⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62989.exe
        6⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25335.exe
        6⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        7⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        8⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
        8⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
        8⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58374.exe
        7⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
        7⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37963.exe
        7⤵
        
        PID:13716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
        6⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43943.exe
        7⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
        7⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
        7⤵
        
        PID:15648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 764
        6⤵
        Program crash
        
        PID:11044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44389.exe
        5⤵
        
        PID:6088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        6⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        6⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59069.exe
        6⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        6⤵
        
        PID:6332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38174.exe
        5⤵
        
        PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
        5⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65286.exe
        5⤵
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30596.exe
        5⤵
        
        PID:14396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31973.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58295.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4198.exe
        6⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50327.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13358.exe
        8⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60758.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42023.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
        8⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20769.exe
        8⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9940.exe
        7⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        7⤵
        
        PID:14552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
        6⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
        8⤵
        
        PID:13464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15690.exe
        8⤵
        
        PID:16312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
        8⤵
        
        PID:3684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 616
        7⤵
        Program crash
        
        PID:11984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29324.exe
        6⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5910.exe
        7⤵
        
        PID:12340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17533.exe
        6⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54541.exe
        6⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64075.exe
        6⤵
        
        PID:14888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        5⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        6⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21951.exe
        7⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        7⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53249.exe
        7⤵
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39453.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
        6⤵
        
        PID:212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2810.exe
        6⤵
        
        PID:16180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
        6⤵
        
        PID:10060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11085.exe
        5⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36164.exe
        5⤵
        
        PID:11284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52230.exe
        5⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43492.exe
        5⤵
        
        PID:16344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5460.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25335.exe
        5⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        6⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        6⤵
        
        PID:9292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34460.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8084
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 716
        5⤵
        Program crash
        
        PID:7504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
      4⤵
      PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        5⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
        6⤵
        
        PID:15928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
        6⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21565.exe
        5⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
        5⤵
        
        PID:11832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        5⤵
        
        PID:14836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29508.exe
      4⤵
      PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31445.exe
      4⤵
      PID:9916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16814.exe
      4⤵
      PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25401.exe
      4⤵
      PID:1868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27261.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38215.exe
        6⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56103.exe
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27687.exe
        8⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62598.exe
        7⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
        7⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
        7⤵
        
        PID:14956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35085.exe
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60551.exe
        7⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13901.exe
        7⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
        7⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        7⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
        7⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29724.exe
        6⤵
        
        PID:8896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36086.exe
        6⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
        6⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10666.exe
        6⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
        6⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18837.exe
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65247.exe
        6⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16295.exe
        7⤵
        
        PID:13100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15394.exe
        7⤵
        
        PID:6796
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 640
        5⤵
        Program crash
        
        PID:7424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18341.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
        5⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
        6⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30415.exe
        7⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22970.exe
        7⤵
        
        PID:15096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18573.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61623.exe
        6⤵
        
        PID:9800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        6⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        6⤵
        
        PID:15940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18273.exe
        6⤵
        
        PID:9904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50781.exe
        5⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
        5⤵
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        5⤵
        
        PID:14748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
      4⤵
      PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
        5⤵
        
        PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
        5⤵
        
        PID:12304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35190.exe
      4⤵
      PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8868.exe
      4⤵
      PID:10600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54342.exe
      4⤵
      PID:11996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18812.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5560.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30815.exe
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
        6⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32437.exe
        6⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        6⤵
        
        PID:584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 632
        6⤵
        Program crash
        
        PID:744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1941.exe
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7226.exe
        6⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55389.exe
        5⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13901.exe
        5⤵
        
        PID:11384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12385.exe
        5⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3269.exe
      4⤵
      PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        5⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47503.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37045.exe
        5⤵
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        5⤵
        
        PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
      4⤵
      PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4358.exe
        5⤵
        
        PID:11776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        5⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        5⤵
        
        PID:16140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        5⤵
        
        PID:10932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23974.exe
      4⤵
      PID:9996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
      4⤵
      PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
      4⤵
      PID:14636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52427.exe
      4⤵
      PID:7684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27086.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5158.exe
      4⤵
      PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        5⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52807.exe
        6⤵
        
        PID:14180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48747.exe
        6⤵
        
        PID:16324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
        6⤵
        
        PID:9600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25101.exe
      4⤵
      PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51215.exe
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        5⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
        5⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
        5⤵
        
        PID:14972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe
      4⤵
      PID:9092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16295.exe
        5⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64595.exe
        5⤵
        
        PID:14308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18789.exe
      4⤵
      PID:7760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
      4⤵
      PID:11892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43146.exe
      4⤵
      PID:16044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
      4⤵
      PID:10432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23612.exe
    3⤵
    PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
      4⤵
      PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31951.exe
        5⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46131.exe
        5⤵
        
        PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9173.exe
      4⤵
      PID:8560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
      4⤵
      PID:12272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4597.exe
      4⤵
      PID:13852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12293.exe
    3⤵
    PID:7020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
      4⤵
      PID:9116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16221.exe
      4⤵
      PID:12776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
      4⤵
      PID:15416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
      4⤵
      PID:6444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
    3⤵
    PID:9328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16908.exe
    3⤵
    PID:9700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
    3⤵
    PID:14296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52241.exe
    3⤵
    PID:10216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14454.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17439.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10142.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54543.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54655.exe
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        8⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25569.exe
        9⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46430.exe
        7⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
        8⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49525.exe
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
        7⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36121.exe
        7⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46819.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
        7⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34108.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        7⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
        7⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42571.exe
        7⤵
        
        PID:15304
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 724
        5⤵
        Program crash
        
        PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47262.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27735.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65319.exe
        6⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
        7⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        7⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12605.exe
        6⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39039.exe
        7⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32865.exe
        7⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        5⤵
        
        PID:528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19519.exe
        6⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16485.exe
        6⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        6⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27699.exe
        6⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
        6⤵
        
        PID:10128
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 656
        5⤵
        Program crash
        
        PID:8720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23716.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54655.exe
        5⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        6⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        7⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
        7⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
        7⤵
        
        PID:15604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
        6⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34460.exe
        6⤵
        
        PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
        5⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46131.exe
        6⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43469.exe
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        5⤵
        
        PID:11936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        5⤵
        
        PID:14560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
      4⤵
      PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
        5⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33015.exe
        6⤵
        
        PID:13096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62675.exe
        6⤵
        
        PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31181.exe
        5⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        5⤵
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26635.exe
        5⤵
        
        PID:8476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
      4⤵
      PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39839.exe
        5⤵
        
        PID:7220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47973.exe
      4⤵
      PID:10000
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 748
      4⤵
      Program crash
      PID:11448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34751.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
        5⤵
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        7⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
        8⤵
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        8⤵
        
        PID:15284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42023.exe
        7⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        7⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
        7⤵
        
        PID:15396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49525.exe
        6⤵
        
        PID:9872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36121.exe
        6⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
        6⤵
        
        PID:9460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
        6⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20503.exe
        7⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24877.exe
        7⤵
        
        PID:13356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
        7⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23885.exe
        6⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
        6⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        6⤵
        
        PID:15420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
        5⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        5⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
        5⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13530.exe
        5⤵
        
        PID:14592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35253.exe
      4⤵
      PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24775.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        6⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10134.exe
        7⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
        7⤵
        
        PID:14908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52315.exe
        5⤵
        
        PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        5⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21897.exe
        5⤵
        
        PID:14384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63133.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        5⤵
        
        PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38922.exe
        5⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39394.exe
        5⤵
        
        PID:7976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10213.exe
      4⤵
      PID:9056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17716.exe
      4⤵
      PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34741.exe
      4⤵
      PID:13164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44068.exe
      4⤵
      PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
      4⤵
      PID:10724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45341.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11406.exe
      4⤵
      PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
        5⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49926.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:10368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        6⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        6⤵
        
        PID:16332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
        6⤵
        
        PID:10940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1453.exe
      4⤵
      PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2694.exe
        5⤵
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15333.exe
        5⤵
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        5⤵
        
        PID:12932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61523.exe
        5⤵
        
        PID:1032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11852.exe
      4⤵
      PID:7240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
    3⤵
    PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3550.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45007.exe
        5⤵
        
        PID:11800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        5⤵
        
        PID:5976
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 672
        5⤵
        Program crash
        
        PID:16148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
      4⤵
      PID:9276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
      4⤵
      PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
      4⤵
      PID:14244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
    3⤵
    PID:7052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
      4⤵
      PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
      4⤵
      PID:12192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
      4⤵
      PID:15960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43546.exe
      4⤵
      PID:10652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44221.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44221.exe
    3⤵
    PID:9336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
    3⤵
    PID:9704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
    3⤵
    PID:6600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7009.exe
    3⤵
    PID:3808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8694.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27631.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64831.exe
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54951.exe
        7⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19327.exe
        8⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2557.exe
        8⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
        8⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29541.exe
        7⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
        7⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49011.exe
        7⤵
        
        PID:14732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
        6⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
        7⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16485.exe
        7⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62629.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10786.exe
        7⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1248.exe
        7⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7908.exe
        6⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
        6⤵
        
        PID:11552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        6⤵
        
        PID:16028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60299.exe
        6⤵
        
        PID:7204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18645.exe
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        6⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15494.exe
        7⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
        7⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26751.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
        6⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63250.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47222.exe
        5⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4084.exe
        5⤵
        
        PID:8
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19586.exe
        5⤵
        
        PID:13084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
        5⤵
        
        PID:13452
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 740
      4⤵
      Program crash
      PID:5484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46183.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33135.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
        6⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
        6⤵
        
        PID:10868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
        6⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22691.exe
        6⤵
        
        PID:14608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 640
        5⤵
        Program crash
        
        PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
      4⤵
      PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        5⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
        6⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64150.exe
        5⤵
        
        PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        5⤵
        
        PID:13516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18954.exe
        5⤵
        
        PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49105.exe
        5⤵
        
        PID:10076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55386.exe
      4⤵
      PID:8964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
      4⤵
      PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51277.exe
      4⤵
      PID:13768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17490.exe
      4⤵
      PID:15472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
      4⤵
      PID:10920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39093.exe
    3⤵
    PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
      4⤵
      PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14406.exe
        5⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
        6⤵
        
        PID:11292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
        6⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-593.exe
        6⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29733.exe
        5⤵
        
        PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-252.exe
        5⤵
        
        PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29901.exe
      4⤵
      PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53559.exe
        5⤵
        
        PID:11968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7965.exe
        5⤵
        
        PID:11984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37786.exe
        5⤵
        
        PID:16016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-593.exe
        5⤵
        
        PID:10756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
      4⤵
      PID:9848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
      4⤵
      PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36121.exe
      4⤵
      PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16809.exe
      4⤵
      PID:428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7981.exe
    3⤵
    PID:404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
      4⤵
      PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        5⤵
        
        PID:13048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46131.exe
        5⤵
        
        PID:15340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63470.exe
      4⤵
      PID:10656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
      4⤵
      PID:12320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58045.exe
    3⤵
    PID:6616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16295.exe
      4⤵
      PID:12780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7226.exe
      4⤵
      PID:6464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56142.exe
    3⤵
    PID:2728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
    3⤵
    PID:11700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25401.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:14676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32436.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32436.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5158.exe
      4⤵
      PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6693.exe
        6⤵
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37549.exe
        6⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29515.exe
        6⤵
        
        PID:16204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
        6⤵
        
        PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56446.exe
        5⤵
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        6⤵
        
        PID:14824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        5⤵
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2957.exe
        5⤵
        
        PID:13528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        5⤵
        
        PID:5848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32569.exe
        5⤵
        
        PID:6960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25101.exe
      4⤵
      PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38655.exe
        5⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5541.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        5⤵
        
        PID:14644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
      4⤵
      PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
      4⤵
      PID:10796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
      4⤵
      PID:14100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30697.exe
      4⤵
      PID:13732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5277.exe
    3⤵
    PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
        5⤵
        
        PID:12120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
      4⤵
      PID:8788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34460.exe
      4⤵
      PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
      4⤵
      PID:13548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
    3⤵
    PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
      4⤵
      PID:12084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
    3⤵
    PID:9364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37908.exe
    3⤵
    PID:11692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
    3⤵
    PID:14164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
    3⤵
    PID:9560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61366.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61366.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
      4⤵
      PID:6576
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 652
      4⤵
      Program crash
      PID:3872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47503.exe
      4⤵
      PID:12096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
      4⤵
      PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
      4⤵
      PID:9552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
    3⤵
    PID:7276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
    3⤵
    PID:11784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:14372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58284.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58284.exe
  2⤵
  PID:6164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
    3⤵
    PID:7860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
      4⤵
      PID:10308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
      4⤵
      PID:9104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21345.exe
      4⤵
      PID:15440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37044.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37044.exe
  2⤵
  PID:5740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20503.exe
    3⤵
    PID:11856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
    3⤵
    PID:2192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
    3⤵
    PID:9628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20685.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20685.exe
  2⤵
  PID:10708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1269.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1269.exe
  2⤵
  PID:12976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7194.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7194.exe
  2⤵
  PID:15332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2980 -ip 2980
1⤵
PID:2880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1440 -ip 1440
1⤵
PID:1640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2472 -ip 2472
1⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3744 -ip 3744
1⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4496 -ip 4496
1⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4076 -ip 4076
1⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5064 -ip 5064
1⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4896 -ip 4896
1⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 3080 -ip 3080
1⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4392 -ip 4392
1⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5280 -ip 5280
1⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5368 -ip 5368
1⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3604 -ip 3604
1⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5152 -ip 5152
1⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5504 -ip 5504
1⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5276 -ip 5276
1⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5232 -ip 5232
1⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6212 -ip 6212
1⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 3860 -ip 3860
1⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 1328 -ip 1328
1⤵
PID:9780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3896 -ip 3896
1⤵
PID:10172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4160 -ip 4160
1⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 1020 -ip 1020
1⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 3368 -ip 3368
1⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2528 -ip 2528
1⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 5636 -ip 5636
1⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 6000 -ip 6000
1⤵
PID:2880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 6164 -ip 6164
1⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2452 -ip 2452
1⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5828 -ip 5828
1⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 6172 -ip 6172
1⤵
PID:10476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5192 -ip 5192
1⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5492 -ip 5492
1⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5420 -ip 5420
1⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5820 -ip 5820
1⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6396 -ip 6396
1⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 3264 -ip 3264
1⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1744 -ip 1744
1⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5856 -ip 5856
1⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 7220 -ip 7220
1⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6576 -ip 6576
1⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5312 -ip 5312
1⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 4664 -ip 4664
1⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4436 -ip 4436
1⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5972 -ip 5972
1⤵
PID:1800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3144 -ip 3144
1⤵
PID:13600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4452 -ip 4452
1⤵
PID:13760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 7652 -ip 7652
1⤵
PID:13720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6864 -ip 6864
1⤵
PID:13964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 7752 -ip 7752
1⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5012 -ip 5012
1⤵
PID:14704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5672 -ip 5672
1⤵
PID:15124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5932 -ip 5932
1⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5136 -ip 5136
1⤵
PID:14472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5708 -ip 5708
1⤵
PID:14928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5860 -ip 5860
1⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 3516 -ip 3516
1⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 6892 -ip 6892
1⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6380 -ip 6380
1⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 112 -ip 112
1⤵
PID:14708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7680 -ip 7680
1⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 7436 -ip 7436
1⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 404 -ip 404
1⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 3180 -ip 3180
1⤵
PID:464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 7252 -ip 7252
1⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5404 -ip 5404
1⤵
PID:14408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6952 -ip 6952
1⤵
PID:14812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 7728 -ip 7728
1⤵
PID:16008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 9008 -ip 9008
1⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4032 -ip 4032
1⤵
PID:16128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 7112 -ip 7112
1⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 5752 -ip 5752
1⤵
PID:10876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10142.exe

Filesize
468KB

MD5
d6473401c28a1f0be88fbc733f2fce44

SHA1
c8912d86be19f5a92f4538ca053100238ab30c91

SHA256
18e5f58a98f8bf7916bc9c6f118107dec33c7b0eb9915e877c7740ac204bad97

SHA512
0c67f1cb8f71b2877e845ef0d34e5f51ffa9250e8d3402daca90b341cbc23fc01a540825e09b8520a0e95fef9b75987dcf0d087426e7813956fe0dac8e71f25a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe

Filesize
468KB

MD5
0889f7a6dd4d5f102fa3a9333eb6be80

SHA1
e73cc503bb80b07b345cb99827dad5d247d5faf2

SHA256
470fe801a7fedb9e6a1d65b2c57ae6d8dd40a4943155c4c86337c2de28993d5d

SHA512
d8fa2d4efb15de8c0e8c369aebc3b3698ac477ab470f3f19d7ac8382d9653c1f24b5dbf918c1ad58f4ab0ffa0b48b6d21796f4f8a51f4cfae3f0465af2dd0481

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10302.exe

Filesize
468KB

MD5
15dc46615c756584225a68d0531729a4

SHA1
6eee0047692c4d2c39f5263a995aca1c21e34cbd

SHA256
842e9d1116d40b203546a05f8e29e6f3b24c1ade6a070c74202f6f5d9226c96e

SHA512
31fadaa53be3e39afc5e6cd78198650ed35235dc3c881efe39b26593b0aac33b2add5cfbad35da1c592c7b20e17c78f8bbb7260c98a7b0f91bf8a2cef65e94a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12814.exe

Filesize
468KB

MD5
2e08fbf26d1d790d93f1944f47cd5d37

SHA1
ba81eddf944f6fbeec40c677af8c2838040e7f0e

SHA256
1b1ce69ed71028b7c1219bc56dc05a15d60d67a97443f9d5186eab14f8268bc3

SHA512
a1f46294333d14c92dfaa2be974e943b800cacc0c6e7a3a64985a8ffa6de4a3499d2be3f78f1d36f2f9bdce274b81f07b8e0db8e743a66596ae4a790eeec6ac4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14454.exe

Filesize
468KB

MD5
5392ccca3fe33a8e4d6d3d7dac8c3ddd

SHA1
fdddf7f68a4e422fb02c63a1d2f50fc3341f5d8f

SHA256
4bc0dd2b5d8d1b0a984dc48782d2190b382ac53d90c8b0989fcc0babe5ef618c

SHA512
ebc5fabc4f65540187b39cc23293dadc31327adf69d5714f3d5e69dda95d7a0033aaf3e2ade68697585f5fc7a0da3ddb22e3fa9200e9af8ce37c05adde52dfeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17439.exe

Filesize
468KB

MD5
522f03f9f96efc6fdcb24a1d9c7e9563

SHA1
afc27bd6e6be413f7ede8d798706add090e916bb

SHA256
34b1a13fe730e48bf8d197742bdbb58844aff99474d3acdcae37cc78d76c968d

SHA512
4fb9f015497430714926ea70abc0531872ec0dd043a6524195130aff2bea13f61ca60d733db101454d70e32be636fbac290a4b861c6da6b321b5e3340c878fa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17541.exe

Filesize
468KB

MD5
10d1a3bc9b0c59537e7e25b95a243f6b

SHA1
cbbf2adfdbde932c49f7ca067db344e0c46451d6

SHA256
5f1e57df58b3490e55c0f4d3f3964e8cdb017e1c70743280a53e4a05be40ef2b

SHA512
e61c32fbc7357e3ac24e37a06cf710a772666cc1cef28ca460b9e56b31710b19a203c15c327d8c25cb0af7123fc8906c5e2e9ac1f490fd79646b049bea4624ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18015.exe

Filesize
468KB

MD5
3c697703325c513aad2d544f14fc6a2b

SHA1
36bf8ab6bf68fd66bd2946660c5c8c9927cc1b69

SHA256
da0080700d36b9e66448787efea8fbf299f0c0aa7de786618024cf297413beb9

SHA512
680b1bf4dc68a2666d41561cb0553ff44d8f7bad2959076d5c600562cec2a97208e2175ad66d2c28ffdf8b2a3f8115cf8e6fb9a3bcdbf7101d10ff11c0f5b1a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18812.exe

Filesize
468KB

MD5
5f3e72fbf7a21dd88b62717d8d78faba

SHA1
8fb82d50a50b25a44dac960b3c1562856fd7a76d

SHA256
0b6b62f0c8bc2afe55ea5f48c2c57dc2e79bf328f2d1287c4d5a0e4566eced0d

SHA512
1ae88056beb979269d750127ce99b1cebd3f4a8b0369b87260f775ae33c9ee420e817e15b28b5a36ac45011e9bfe478d3f8ea8239be33fb6859e4f114e8116f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1941.exe

Filesize
468KB

MD5
d899f6ffa45596277e946c34c8c868eb

SHA1
a0d5cd26f7f4a42a84f400cfd0135a9c3b00eb48

SHA256
01675703c2c881ca9b8535b9e4bf5d4ee07fcf8e95df953b073a3fe0719a8645

SHA512
fc227b2191ab8aaf4b6549095befe2c66c0d0acf88cb29e3132d542423d7df6ea850250e3c268669553e722b508a77ca2152bcf6ba40be26166b7320a5963118

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe

Filesize
468KB

MD5
39d8407464d610771ac1ca0bf7340ff5

SHA1
65d236aab5f0fee6f859758c94e822f49e54862b

SHA256
52243b71240ee57922cb7c75c6d38471ddab3d47f6a4f3ff1a7b4b7e0a1712ca

SHA512
9b9a53e5a42e4f49b5f74b80caf5d756d017902d5765590a6a8601f1b6f9fcc701a6c53e9338741b083ceca4cb5a44f01533395dc3424648389705380f355947

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24678.exe

Filesize
468KB

MD5
12b0e6f10242e2d715d9788d10399cce

SHA1
3208f0d3c0e8083c66e03c609f7fde6e0323d67f

SHA256
bae11a71c436c57136eb32b83729d78a5c4f105bbeb53e71c6f77526cc464c6b

SHA512
3e2764dd98130160a94f56d87781d166d4b513da3f1ee70e8e5e7286c237713aefd72aa9237f1b024d030b0242fdbe9bdc8e1ad933eefe6f8cbb34391cafb496

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe

Filesize
468KB

MD5
05a3505f9e6c974deb8c97683c1e08fd

SHA1
e7286f250a5c6bfcb559260e3c7e1f5d42c820dc

SHA256
33e97aa20d18966d85cc0f39fccc9f1a99bf4c7a1efa8236832f7bbee91f7b27

SHA512
37c1edab99c6ae93e22730432ffe064d2195082abb92b37b7edbe465e420fe6e9563c23e06d14b5715ae5576f9e1a80b35ca9bf1269e14358bad9bdfcb58350d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27261.exe

Filesize
468KB

MD5
5c803fac3d52a28b6e4f21bdb47cc8fd

SHA1
2024a229d40fab557c39819ba23082b7247dedd9

SHA256
ea9019fa42b6ce77ea7a8da7b6f988030975d25cea16a63fdedc76c792adb3de

SHA512
00faa596af427d5f4ed56d2af9ef1c4e0db541ca23ab378f935ddc9d215bbca39134ba0ee13189a37849acae75ad7a40165e400cbb4a5e1d643654b01c3dd070

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2757.exe

Filesize
468KB

MD5
c98d9e9c9b386275fde3bf42687c8271

SHA1
e87e3f11baa7179d0d1d3897129c70da48572015

SHA256
f1fb4262ccc228bcf343dbc07e0ef02f64d24f2d27829f53bb573666b42abaaa

SHA512
4d3613c4f69e7b2afcfee4dcc5211805f8d80cb7ad0d4aa53e0e0398c55ecf58575a0d3b1777f57be7d0b12cb6a272a732931955ffb0c03851536fd2ef7d148e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31973.exe

Filesize
468KB

MD5
fb207dc8b7ac3f2ba970dc517b24d495

SHA1
fe9dcc7cacc1e37ef63f76a553ba9d828e6d8a62

SHA256
2b69698a28ead7a65a87fd0c826ef4a3577e2b4910933bfbf4e8125bb6842442

SHA512
d3d5312e83c56a8dea002254c72d2ba12fccb564ec0f9b05f8372d543aadaa9a803fc0a4ebe70a87426c71d91b473e528c284a6f7a9dfb02aceafd1fbc026dad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32436.exe

Filesize
468KB

MD5
fffae51484266191e5effc82a3592d27

SHA1
dbc00164087fa09959c4a6d5e08c1680a7e2b7ee

SHA256
446cea49ddd9e9beddaa41f7ae8645bec6363ed10689727d23396be7e0a0e14b

SHA512
8c8d39cbe06d30f50002437da2951d85b9131efb461ede2d3f9733b24ed5cb8711822e05773d0efc858f8f643b14f7e9e2132849d4e897cf60a486b81484659c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37725.exe

Filesize
468KB

MD5
a522290fb2702f75d0bd472e90e5617f

SHA1
8434f1a7ab473952157496e62dbe6fa9f418826b

SHA256
1823b5ad00b128365b1402bdf1f8203eeb875fcc0d367d849aa84f863486bcf6

SHA512
f8de6cf8bc7802c38f613aac3d81e7b9dd9b9e09d8b3f0e387487e8ec3c764cf774f8d8932b3319e75ab9e6ebc61ec8aa12fa4998fde8c5c09416ae954ba5fc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe

Filesize
468KB

MD5
ddd9cc6e696e6cae3ebefe02b36799d2

SHA1
84e2cc61de07dc0ef62431ce27322283c07d142c

SHA256
5ca625377f27c3c189f04defdd3f56961f2cea4953d85ba1b0765540402958da

SHA512
50d7b4cec237a3554726bb245baab2b711b1aa6dc9106dcf49b755fee10e3bff368481cabced9637038199505ad441b1142cb082871f495d26c1f717f2412fca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe

Filesize
468KB

MD5
3185f6a3371bcac52d583000752646cc

SHA1
5bf1f2e8071aa4f200147ed11fb99c687fd69589

SHA256
7602a72a10086d886706b10b66125cd9e1253a9050d575dffe4f182f77365cde

SHA512
f6f49be18183533160347db2b4bdeacd7911f468124dce209e56e09babe121aea44b15007ea297313d8768bf2f1989d85580010662da78e98544c3ea4f3c53e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4542.exe

Filesize
468KB

MD5
13bb5e1d19905b5e0e04d1eaff82deae

SHA1
3c2e19dd09e9000368d40776a5d75032e2e3cefd

SHA256
e8ad594ebe597020e034db909e58e4ea99aff65cacadef31509314544eccb5e1

SHA512
f7721966b9a7474223a276b7ce247bf3f067c169f2fc15e6f8aad3f2ac2e64699bbf55813346a002cb5a13f6ccc6423765a6cfac55ed6f5d8bd96e084ebcdae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe

Filesize
468KB

MD5
9bbd290c175c8f41d997df5e5826830e

SHA1
29fc9368b9009dc7aae84817d3d1f1dde8360383

SHA256
3212ef7214564a793bbea720eb2e98f74adf2de7c97e46f18cdc15105a06bdce

SHA512
96f24a004dfe5eec1c5adf3ba6b7b9f712230571796872a979ce9c80dc1ac7eb2b7223b6c6a4cb4b33d0e2972b444708d126ff0a7d3cec5df1fe035c6b246add

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46006.exe

Filesize
468KB

MD5
179ebb90fe5fbb5db8db9fc00e46e83a

SHA1
00f4161a47b5ee9db046aed0dcf9a0a92534067e

SHA256
979bfde81cc3fbb4ed1aea798ac511d3e8621368e4e780d0050ca451917f704b

SHA512
1add14ff9c9d25b5ef120d59058cb67a0b52b13dc872ff1204e242e57058d2d8519c70ed0dad00ab4f9f9582b2c15af24a88a55ad9650945a5eb8531a621bf5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe

Filesize
468KB

MD5
b2c505a7c3c5d4d9933a2dfc848941d6

SHA1
5a1dcf69fb16f61fb04696353a3fc3a5b82576e3

SHA256
74bf855ac8e5dc0737e6e9497ff5e3bffd961a33430a17c6e42d38874c72a3ec

SHA512
0de2d168df56f7dd568c1f36a5e290d162f5be23073614f157112dc1de9baf80e09b7de0fa48afede99882cc0b0124d0e26b0808ae14267cb6ee090fc82a1026

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe

Filesize
468KB

MD5
1e09a6d65631572ebb6f3bbf2dcc49de

SHA1
0a91ca5e4281fd266a6bccdf626a0470298058cb

SHA256
2a4562c5939c975b1b9cef23629f84d9539d0992475fd68f46f0d43db694abf3

SHA512
1615965ca5167adec9508d76782cedbcaf00e95806b4d87b90e69d04ead69695b42fb0d732e005edcbd04a9911d228631e144604be3e0402d19c85932a1af7cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe

Filesize
468KB

MD5
5d30816cc2b3d5dd26be8511ddc9f2af

SHA1
c3cfbcc9514796191ff1a3476969d367e6577e1b

SHA256
4e907cf12d4364776027b58686af14ab69d62129a8bfd4a8b220592b6080138f

SHA512
6d049990fcb9c22b8e006285653f9321a0f2cec39b111cfdcf4ca0b01be4062c88feb6e4715b085f83b75754832aee9bee8fd176c65e1c519d289eca44eadf46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55030.exe

Filesize
468KB

MD5
609402268fa57d6cfba0846a51a1c08d

SHA1
23f66c9dfb88817f9d44f7e66fb0374835bb722c

SHA256
b2337f11c91e3400ffaab88fee11ecad581ec9955bcdb915026057d283df80a1

SHA512
0a609a93bfa1c03cce52862f841055d145d5f2b6e9d18ea48304309278141788e81ffce52687d4fa36e81d3d7abb1a4827aaa0139c003a4162d2a47b2f44c0e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe

Filesize
468KB

MD5
ce3d48d8710482bac5f004ac3e8b4129

SHA1
ecd5fba819d0009ceeb80afb186bf833e207cbe3

SHA256
59061f2d1a76690d7b011bbd290a88bb63407d4d23e73d603ece4907db935293

SHA512
b1ab0b24200069fdda1b0e24e20d0839a7d42d262b7301256a0eaf3c0be78a5cc3a4ec2538cf4951b2beaa6d7c9e74551f3db950fda077d92acb203dc0546861

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe

Filesize
468KB

MD5
8563c72f75daf8b0920c2256db2dafc1

SHA1
d607e377f366620b6fe46b8e8e8d66243c5bb4df

SHA256
8f4645c91f885352fafbc93c5a6190e9951dee96770ffaf59f10b96fb36ba05a

SHA512
24ed7026cbeb4fd2c8d53df1c2b8bf86a60eacd80029c046fea6ed0795097398c89abf45ed494b00cab938daf45843b3b4ffc4d93df6bacc182d5a0b82f8151e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58486.exe

Filesize
468KB

MD5
c4b50ac8f95573bf58ea72c210dda8a1

SHA1
8a5f313d63c1b57d9b88b448c7f5373d2342ac9e

SHA256
c5f3e66476b65ac1213154c45d45fb2558112551555058d0b389aa826392d8a7

SHA512
99d641a77d9b8e0b402cadff02fcf239df23658109f112b8735ebbcc3a796bf1fcd97003a5d2123767f6aafe9c65e29c681437da4bd13864efe99041b6786f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6094.exe

Filesize
468KB

MD5
686f1db5e39f9c6541214e8724118f0b

SHA1
c46253ab518b013fb44052abe10088feeecdcab6

SHA256
57fce030579e01e9285a7ecec050edc5a64712b9061adacf8f76e1bc879c3294

SHA512
9052773cf140d939ff2dce50705bcb8f018ce65d59dcddf11bcd46f4014aa638b185cc6b8632304a6d863c592f64f6844bb4cc12b6301f32e1f6620f1bada94e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe

Filesize
468KB

MD5
444d3e27505b5d81fd77b9753f2628ca

SHA1
4c1113a9e9b3a3cebfd57275b0922ea841979347

SHA256
e3ba85878eb73ddfce7fe353e10c609f648ac8089cebfcf4a695631694d26310

SHA512
980f03e1d6c1b358ba22050cb48f802fd8454d1808cc79616828dd0d9adf11e647f773a2a646c55c76685703f045a6cc6a1efd1ef3254d31a177e56b3d45283c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8694.exe

Filesize
468KB

MD5
3e1718665806514eea5468aef7a1c70e

SHA1
329c885b6da74845c165bbc67790739744bdfa4f

SHA256
171a8e13854513c308cca6a5b140aef2e7f2513fbe4c9163ac2966665626d95e

SHA512
e323a0511f0186b68759ed14c934b63d3030cbd88788570813b3c5a0e3b345f85bc612a9628b58e1a346f6b9dc49ff3f6c582a4afd44388e04d28897947f3aaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9654.exe

Filesize
468KB

MD5
cff053bd6af8eddeb20949dccb04b2d1

SHA1
83910704143e7cb43243f58d078651854f91a6e4

SHA256
5bd06733178bd0dde120243d9705aa8c21d591dc3ef0af1bb3f80479376276b8

SHA512
d1ce39cb79c15a7bd692f4e486779fea2c356ba5f949775c7e69f63d393e728984c4e5ccae1816043b5519b7088bc8c3d4c32019c08ffc7e0bb25e5d71c44142

Download Submit
memory/112-89-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/112-2965-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/396-20-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/492-95-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/768-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/956-27-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/984-268-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1028-384-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1088-161-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1284-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1312-249-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1328-318-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1404-207-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1440-111-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1516-74-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1580-234-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1696-7-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1700-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1744-265-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1856-204-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1968-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1980-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2020-244-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2064-194-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2432-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2472-159-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2792-125-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2980-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3024-357-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3028-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3052-39-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3080-228-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3092-193-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3144-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3152-36-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3160-87-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3180-545-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3240-136-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3264-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3348-360-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3352-537-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3516-212-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3552-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3604-358-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3744-177-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3836-390-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3888-362-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3896-280-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3940-96-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3984-61-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4000-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4032-143-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4076-213-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4160-334-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4272-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4380-363-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4392-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4400-203-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4420-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4428-137-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4436-546-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4452-259-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4488-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4496-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4540-239-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4664-55-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/4896-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5008-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5012-88-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5064-285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5080-286-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5152-538-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5156-414-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5184-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5192-539-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5232-543-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5236-427-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5252-428-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5276-544-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5280-429-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5312-430-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5368-431-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5420-432-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5432-433-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5496-434-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5624-459-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5672-547-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5708-479-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5752-473-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5828-482-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5840-489-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5860-490-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5896-491-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5908-492-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5972-493-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6000-495-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/6060-494-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/15472-2964-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16180-2961-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16192-2950-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16204-2951-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16332-2963-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/16344-2952-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download