1236d8301bfc846d922a22485a241b4398a312d986c8c6e5431a76fff3b668ca

Analysis

max time kernel
97s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 13:54

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

d26035a43e94ae802d551cec222212e0N.exe
Size

468KB
MD5

d26035a43e94ae802d551cec222212e0
SHA1

c89928fd4548bec77fc09eec0a19092242138433
SHA256

1236d8301bfc846d922a22485a241b4398a312d986c8c6e5431a76fff3b668ca
SHA512

1b081d702c3c346d34189a04c0bf84e72cce51d5149f7654b5b1c041944648903e0238e995783f6b12edd62d61d9c3f100e173caa433994f5c97b7afca31fffe
SSDEEP

3072:SOPsogKEIV5jtbY94fc+Jf8w4ChVSppLJEHCxVWNuWBLSdJughlH:SO0oLjjtS40+Jf6fxSuWdeJug

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3400	Unicorn-60395.exe
3660	Unicorn-33535.exe
220	Unicorn-21837.exe
3112	Unicorn-35995.exe
3228	Unicorn-42117.exe
4888	Unicorn-48247.exe
3268	Unicorn-28381.exe
1132	Unicorn-14946.exe
952	Unicorn-3249.exe
768	Unicorn-39451.exe
3176	Unicorn-43535.exe
4280	Unicorn-63571.exe
2904	Unicorn-57441.exe
3048	Unicorn-63306.exe
1424	Unicorn-43705.exe
2116	Unicorn-38211.exe
4560	Unicorn-30981.exe
896	Unicorn-54931.exe
1140	Unicorn-13898.exe
4492	Unicorn-3684.exe
3984	Unicorn-26705.exe
2236	Unicorn-46571.exe
4276	Unicorn-48225.exe
3824	Unicorn-54355.exe
2748	Unicorn-62523.exe
1104	Unicorn-46742.exe
3328	Unicorn-1070.exe
3944	Unicorn-61761.exe
1492	Unicorn-58994.exe
8	Unicorn-13057.exe
1848	Unicorn-49046.exe
400	Unicorn-44215.exe
1948	Unicorn-634.exe
5024	Unicorn-9357.exe
3032	Unicorn-13441.exe
4652	Unicorn-24755.exe
2472	Unicorn-40826.exe
408	Unicorn-45175.exe
2396	Unicorn-60617.exe
4960	Unicorn-13654.exe
1768	Unicorn-21823.exe
4040	Unicorn-29991.exe
4620	Unicorn-36113.exe
2092	Unicorn-42243.exe
3748	Unicorn-26461.exe
3804	Unicorn-50411.exe
3012	Unicorn-50411.exe
4820	Unicorn-58195.exe
3656	Unicorn-60233.exe
4972	Unicorn-13078.exe
1416	Unicorn-6948.exe
1064	Unicorn-62279.exe
4356	Unicorn-1381.exe
4384	Unicorn-20981.exe
1328	Unicorn-20484.exe
4520	Unicorn-3949.exe
2088	Unicorn-9549.exe
4508	Unicorn-42435.exe
456	Unicorn-40389.exe
180	Unicorn-26291.exe
3292	Unicorn-14593.exe
4044	Unicorn-31527.exe
464	Unicorn-19829.exe
5004	Unicorn-30951.exe

Program crash 17 IoCs

pid	pid_target	Process	procid_target
9080	6804	WerFault.exe	346
9096	7252	WerFault.exe	341
18260	1828	WerFault.exe	797
18316	14456	WerFault.exe	805
18400	16484	WerFault.exe	829
17464	16424	WerFault.exe	825
17636	3684	WerFault.exe	820
17628	16440	WerFault.exe	826
17840	16284	WerFault.exe	822
17760	3028	WerFault.exe	818
18008	17132	WerFault.exe	843
17472	18072	WerFault.exe	976
17988	17116	WerFault.exe	842
18164	17260	WerFault.exe	847
16636	16432	WerFault.exe	854
17584	2984	WerFault.exe	870
17776	17404	WerFault.exe	864

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12200.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58195.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26751.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24442.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27829.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27759.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23988.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9549.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59034.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19853.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4760	d26035a43e94ae802d551cec222212e0N.exe
3400	Unicorn-60395.exe
3660	Unicorn-33535.exe
220	Unicorn-21837.exe
3112	Unicorn-35995.exe
3228	Unicorn-42117.exe
3268	Unicorn-28381.exe
4888	Unicorn-48247.exe
1132	Unicorn-14946.exe
768	Unicorn-39451.exe
952	Unicorn-3249.exe
1424	Unicorn-43705.exe
4280	Unicorn-63571.exe
2904	Unicorn-57441.exe
3176	Unicorn-43535.exe
3048	Unicorn-63306.exe
2116	Unicorn-38211.exe
4560	Unicorn-30981.exe
896	Unicorn-54931.exe
4492	Unicorn-3684.exe
3824	Unicorn-54355.exe
3328	Unicorn-1070.exe
1104	Unicorn-46742.exe
2236	Unicorn-46571.exe
1492	Unicorn-58994.exe
3944	Unicorn-61761.exe
2748	Unicorn-62523.exe
4276	Unicorn-48225.exe
1140	Unicorn-13898.exe
3984	Unicorn-26705.exe
8	Unicorn-13057.exe
1848	Unicorn-49046.exe
400	Unicorn-44215.exe
1948	Unicorn-634.exe
5024	Unicorn-9357.exe
3032	Unicorn-13441.exe
4652	Unicorn-24755.exe
2472	Unicorn-40826.exe
408	Unicorn-45175.exe
2396	Unicorn-60617.exe
4960	Unicorn-13654.exe
1768	Unicorn-21823.exe
4040	Unicorn-29991.exe
4972	Unicorn-13078.exe
3804	Unicorn-50411.exe
3012	Unicorn-50411.exe
2092	Unicorn-42243.exe
4620	Unicorn-36113.exe
3748	Unicorn-26461.exe
1064	Unicorn-62279.exe
3656	Unicorn-60233.exe
1416	Unicorn-6948.exe
2088	Unicorn-9549.exe
4520	Unicorn-3949.exe
4384	Unicorn-20981.exe
4356	Unicorn-1381.exe
4820	Unicorn-58195.exe
1328	Unicorn-20484.exe
4508	Unicorn-42435.exe
456	Unicorn-40389.exe
3292	Unicorn-14593.exe
180	Unicorn-26291.exe
464	Unicorn-19829.exe
5004	Unicorn-30951.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4760 wrote to memory of 3400	4760	d26035a43e94ae802d551cec222212e0N.exe	87
PID 4760 wrote to memory of 3400	4760	d26035a43e94ae802d551cec222212e0N.exe	87
PID 4760 wrote to memory of 3400	4760	d26035a43e94ae802d551cec222212e0N.exe	87
PID 3400 wrote to memory of 3660	3400	Unicorn-60395.exe	92
PID 3400 wrote to memory of 3660	3400	Unicorn-60395.exe	92
PID 3400 wrote to memory of 3660	3400	Unicorn-60395.exe	92
PID 4760 wrote to memory of 220	4760	d26035a43e94ae802d551cec222212e0N.exe	93
PID 4760 wrote to memory of 220	4760	d26035a43e94ae802d551cec222212e0N.exe	93
PID 4760 wrote to memory of 220	4760	d26035a43e94ae802d551cec222212e0N.exe	93
PID 220 wrote to memory of 3112	220	Unicorn-21837.exe	95
PID 220 wrote to memory of 3112	220	Unicorn-21837.exe	95
PID 220 wrote to memory of 3112	220	Unicorn-21837.exe	95
PID 3660 wrote to memory of 4888	3660	Unicorn-33535.exe	96
PID 3660 wrote to memory of 4888	3660	Unicorn-33535.exe	96
PID 3660 wrote to memory of 4888	3660	Unicorn-33535.exe	96
PID 4760 wrote to memory of 3228	4760	d26035a43e94ae802d551cec222212e0N.exe	98
PID 4760 wrote to memory of 3228	4760	d26035a43e94ae802d551cec222212e0N.exe	98
PID 4760 wrote to memory of 3228	4760	d26035a43e94ae802d551cec222212e0N.exe	98
PID 3400 wrote to memory of 3268	3400	Unicorn-60395.exe	97
PID 3400 wrote to memory of 3268	3400	Unicorn-60395.exe	97
PID 3400 wrote to memory of 3268	3400	Unicorn-60395.exe	97
PID 3112 wrote to memory of 1132	3112	Unicorn-35995.exe	101
PID 3112 wrote to memory of 1132	3112	Unicorn-35995.exe	101
PID 3112 wrote to memory of 1132	3112	Unicorn-35995.exe	101
PID 220 wrote to memory of 952	220	Unicorn-21837.exe	102
PID 220 wrote to memory of 952	220	Unicorn-21837.exe	102
PID 220 wrote to memory of 952	220	Unicorn-21837.exe	102
PID 3268 wrote to memory of 768	3268	Unicorn-28381.exe	103
PID 3268 wrote to memory of 768	3268	Unicorn-28381.exe	103
PID 3268 wrote to memory of 768	3268	Unicorn-28381.exe	103
PID 3228 wrote to memory of 3176	3228	Unicorn-42117.exe	104
PID 3228 wrote to memory of 3176	3228	Unicorn-42117.exe	104
PID 3228 wrote to memory of 3176	3228	Unicorn-42117.exe	104
PID 4888 wrote to memory of 4280	4888	Unicorn-48247.exe	105
PID 4888 wrote to memory of 4280	4888	Unicorn-48247.exe	105
PID 4888 wrote to memory of 4280	4888	Unicorn-48247.exe	105
PID 3400 wrote to memory of 2904	3400	Unicorn-60395.exe	106
PID 3400 wrote to memory of 2904	3400	Unicorn-60395.exe	106
PID 3400 wrote to memory of 2904	3400	Unicorn-60395.exe	106
PID 4760 wrote to memory of 3048	4760	d26035a43e94ae802d551cec222212e0N.exe	107
PID 4760 wrote to memory of 3048	4760	d26035a43e94ae802d551cec222212e0N.exe	107
PID 4760 wrote to memory of 3048	4760	d26035a43e94ae802d551cec222212e0N.exe	107
PID 3660 wrote to memory of 1424	3660	Unicorn-33535.exe	108
PID 3660 wrote to memory of 1424	3660	Unicorn-33535.exe	108
PID 3660 wrote to memory of 1424	3660	Unicorn-33535.exe	108
PID 1132 wrote to memory of 2116	1132	Unicorn-14946.exe	109
PID 1132 wrote to memory of 2116	1132	Unicorn-14946.exe	109
PID 1132 wrote to memory of 2116	1132	Unicorn-14946.exe	109
PID 3112 wrote to memory of 4560	3112	Unicorn-35995.exe	110
PID 3112 wrote to memory of 4560	3112	Unicorn-35995.exe	110
PID 3112 wrote to memory of 4560	3112	Unicorn-35995.exe	110
PID 1424 wrote to memory of 896	1424	Unicorn-43705.exe	111
PID 1424 wrote to memory of 896	1424	Unicorn-43705.exe	111
PID 1424 wrote to memory of 896	1424	Unicorn-43705.exe	111
PID 768 wrote to memory of 1140	768	Unicorn-39451.exe	112
PID 3660 wrote to memory of 4492	3660	Unicorn-33535.exe	113
PID 768 wrote to memory of 1140	768	Unicorn-39451.exe	112
PID 768 wrote to memory of 1140	768	Unicorn-39451.exe	112
PID 3660 wrote to memory of 4492	3660	Unicorn-33535.exe	113
PID 3660 wrote to memory of 4492	3660	Unicorn-33535.exe	113
PID 3268 wrote to memory of 3984	3268	Unicorn-28381.exe	114
PID 3268 wrote to memory of 3984	3268	Unicorn-28381.exe	114
PID 3268 wrote to memory of 3984	3268	Unicorn-28381.exe	114
PID 952 wrote to memory of 2236	952	Unicorn-3249.exe	115

C:\Users\Admin\AppData\Local\Temp\d26035a43e94ae802d551cec222212e0N.exe
"C:\Users\Admin\AppData\Local\Temp\d26035a43e94ae802d551cec222212e0N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60395.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60395.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33535.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54355.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13654.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
        8⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24135.exe
        9⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28811.exe
        10⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27829.exe
        10⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        10⤵
        
        PID:15792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26440.exe
        10⤵
        
        PID:17916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        9⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30620.exe
        9⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
        9⤵
        
        PID:15540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        8⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3325.exe
        9⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
        9⤵
        
        PID:14732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40010.exe
        9⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29068.exe
        8⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
        8⤵
        
        PID:11488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
        8⤵
        
        PID:15568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:18064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
        7⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20243.exe
        8⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33227.exe
        9⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27933.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
        9⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44690.exe
        8⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16012.exe
        8⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        8⤵
        
        PID:16200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
        8⤵
        
        PID:17948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19348.exe
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20835.exe
        8⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48634.exe
        8⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
        7⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16528.exe
        7⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63034.exe
        7⤵
        
        PID:15632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21734.exe
        7⤵
        
        PID:18340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        7⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26461.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        7⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27393.exe
        8⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31196.exe
        8⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
        8⤵
        
        PID:15924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19940.exe
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19957.exe
        7⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34836.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
        6⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
        7⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        7⤵
        
        PID:12348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        7⤵
        
        PID:16628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
        7⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7253.exe
        6⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64326.exe
        6⤵
        
        PID:13972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        6⤵
        
        PID:17260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17260 -s 452
        7⤵
        Program crash
        
        PID:18164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
        6⤵
        
        PID:17812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46742.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21823.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
        7⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        8⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15334.exe
        9⤵
        
        PID:15952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23432.exe
        9⤵
        
        PID:17564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20045.exe
        8⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38589.exe
        8⤵
        
        PID:14024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40937.exe
        8⤵
        
        PID:17276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30117.exe
        7⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3870.exe
        8⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18997.exe
        8⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        8⤵
        
        PID:15888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        7⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        7⤵
        
        PID:12392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12600.exe
        7⤵
        
        PID:15420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17640.exe
        7⤵
        
        PID:17436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5089.exe
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40685.exe
        7⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        7⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50551.exe
        7⤵
        
        PID:14608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
        7⤵
        
        PID:17752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16968.exe
        7⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        6⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28775.exe
        7⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        7⤵
        
        PID:15252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35873.exe
        7⤵
        
        PID:17872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
        7⤵
        
        PID:18364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
        6⤵
        
        PID:8824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        6⤵
        
        PID:14364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        6⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20051.exe
        7⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
        8⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54497.exe
        8⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61914.exe
        8⤵
        
        PID:15876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39220.exe
        8⤵
        
        PID:18248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23117.exe
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2608.exe
        7⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
        7⤵
        
        PID:15900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11685.exe
        7⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27341.exe
        6⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25495.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        7⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44077.exe
        7⤵
        
        PID:15108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        7⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62893.exe
        6⤵
        
        PID:9072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exe
        6⤵
        
        PID:12160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52673.exe
        6⤵
        
        PID:16100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        6⤵
        
        PID:17752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29418.exe
        6⤵
        
        PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5421.exe
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
        6⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
        7⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
        7⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53501.exe
        7⤵
        
        PID:17284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
        7⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        6⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        6⤵
        
        PID:13020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        6⤵
        
        PID:15656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63933.exe
        5⤵
        
        PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41549.exe
        5⤵
        
        PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
        5⤵
        
        PID:13296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42144.exe
        5⤵
        
        PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-634.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31527.exe
        7⤵
        Executes dropped EXE
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39511.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12666.exe
        9⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        9⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
        9⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45246.exe
        9⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13797.exe
        8⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41373.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
        8⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11692.exe
        8⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35597.exe
        7⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36979.exe
        8⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27829.exe
        8⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        8⤵
        
        PID:15808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26440.exe
        8⤵
        
        PID:17896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        7⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17104.exe
        7⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        7⤵
        
        PID:15448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19829.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64015.exe
        7⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16559.exe
        8⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27829.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
        8⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13797.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41373.exe
        7⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
        7⤵
        
        PID:14988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        7⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45057.exe
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45339.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3517.exe
        7⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        7⤵
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        7⤵
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
        6⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
        6⤵
        
        PID:11732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        6⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25435.exe
        6⤵
        
        PID:17468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9357.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        6⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59931.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29195.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20009.exe
        8⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28700.exe
        8⤵
        
        PID:14520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        8⤵
        
        PID:17792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26049.exe
        7⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        7⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8909.exe
        7⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        7⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35301.exe
        6⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26751.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24809.exe
        7⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37165.exe
        7⤵
        
        PID:17116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17116 -s 436
        8⤵
        Program crash
        
        PID:17988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        6⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29932.exe
        6⤵
        
        PID:12592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
        6⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        5⤵
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe
        6⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        7⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 476
        8⤵
        Program crash
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
        7⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
        7⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        7⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        7⤵
        
        PID:15816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        6⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
        6⤵
        
        PID:11792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
        6⤵
        
        PID:17432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6957.exe
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6418.exe
        6⤵
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
        6⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5120.exe
        6⤵
        
        PID:15936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4120.exe
        5⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        5⤵
        
        PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
        5⤵
        
        PID:14460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3904.exe
        5⤵
        
        PID:17584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24755.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23995.exe
        6⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47295.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44462.exe
        8⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3532.exe
        8⤵
        
        PID:15368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34409.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
        7⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10061.exe
        7⤵
        
        PID:14356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37540.exe
        7⤵
        
        PID:17508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        6⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
        7⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
        7⤵
        
        PID:4592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23064.exe
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
        6⤵
        
        PID:11816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        6⤵
        
        PID:14632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
        6⤵
        
        PID:17536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28633.exe
        5⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
        6⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23575.exe
        7⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14617.exe
        7⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
        7⤵
        
        PID:14676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        7⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        6⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        6⤵
        
        PID:12508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
        6⤵
        
        PID:15228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
        6⤵
        
        PID:9592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        6⤵
        
        PID:13256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34556.exe
        6⤵
        
        PID:15316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30762.exe
        6⤵
        
        PID:18300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38058.exe
        5⤵
        
        PID:8656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15376.exe
        5⤵
        
        PID:12212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
        5⤵
        
        PID:14492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40826.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39297.exe
        5⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
        6⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46034.exe
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58389.exe
        6⤵
        
        PID:12356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        6⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52624.exe
        6⤵
        
        PID:17560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26468.exe
        5⤵
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
        5⤵
        
        PID:10228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39637.exe
        5⤵
        
        PID:13620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
        5⤵
        
        PID:17028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19916.exe
      4⤵
      PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
        5⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
        6⤵
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32209.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
        6⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
        6⤵
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        5⤵
        
        PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        5⤵
        
        PID:12276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
        5⤵
        
        PID:15892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
        5⤵
        
        PID:17496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20433.exe
      4⤵
      PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49039.exe
        5⤵
        
        PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
        5⤵
        
        PID:11416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        5⤵
        
        PID:14976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27759.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-380.exe
      4⤵
      PID:11628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
      4⤵
      PID:16212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57541.exe
      4⤵
      PID:17864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
      4⤵
      PID:18144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13898.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        6⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10922.exe
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
        8⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
        8⤵
        
        PID:12640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        8⤵
        
        PID:15832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
        8⤵
        
        PID:17016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1929.exe
        7⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14092.exe
        7⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        7⤵
        
        PID:14780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
        6⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        7⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 412
        8⤵
        Program crash
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        7⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        7⤵
        
        PID:12968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21457.exe
        7⤵
        
        PID:14728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39865.exe
        6⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13397.exe
        6⤵
        
        PID:12580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53779.exe
        6⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
        6⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10185.exe
        7⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63943.exe
        8⤵
        
        PID:12340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1665.exe
        8⤵
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
        7⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        7⤵
        
        PID:14228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53929.exe
        7⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38584.exe
        7⤵
        
        PID:17468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36661.exe
        6⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48235.exe
        7⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26641.exe
        7⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        7⤵
        
        PID:17764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14828.exe
        7⤵
        
        PID:18276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37149.exe
        6⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        6⤵
        
        PID:14036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55745.exe
        6⤵
        
        PID:17396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
        5⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65271.exe
        6⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
        7⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
        7⤵
        
        PID:17180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
        7⤵
        
        PID:17988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6885.exe
        6⤵
        
        PID:9040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18124.exe
        6⤵
        
        PID:13856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43030.exe
        6⤵
        
        PID:17148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
        6⤵
        
        PID:17796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36034.exe
        5⤵
        
        PID:7564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58469.exe
        5⤵
        
        PID:10412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
        5⤵
        
        PID:14172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3182.exe
        5⤵
        
        PID:16432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16432 -s 464
        6⤵
        Program crash
        
        PID:16636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58524.exe
        5⤵
        
        PID:7044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42243.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6366.exe
        7⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        7⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        7⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        7⤵
        
        PID:14456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14456 -s 464
        8⤵
        Program crash
        
        PID:18316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57082.exe
        6⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
        6⤵
        
        PID:9776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
        6⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        6⤵
        
        PID:16440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16440 -s 424
        7⤵
        Program crash
        
        PID:17628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44256.exe
        6⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51253.exe
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2246.exe
        6⤵
        
        PID:9448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24809.exe
        6⤵
        
        PID:13784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37165.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:17072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42718.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
        5⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        5⤵
        
        PID:15880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
        6⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
        7⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24809.exe
        7⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37165.exe
        7⤵
        
        PID:17316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        6⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        6⤵
        
        PID:12948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21457.exe
        6⤵
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48057.exe
        5⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28458.exe
        5⤵
        
        PID:13452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        5⤵
        
        PID:16536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
      4⤵
      PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25827.exe
        5⤵
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15651.exe
        6⤵
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        6⤵
        
        PID:13520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63973.exe
        6⤵
        
        PID:17324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
        5⤵
        
        PID:9428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        5⤵
        
        PID:12984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57473.exe
        5⤵
        
        PID:16572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2480.exe
      4⤵
      PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
      4⤵
      PID:11144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
      4⤵
      PID:14088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
      4⤵
      PID:2800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1070.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29991.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
        6⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
        7⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18736.exe
        7⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59978.exe
        7⤵
        
        PID:12924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        7⤵
        
        PID:16276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38930.exe
        7⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        6⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
        7⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7041.exe
        7⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
        7⤵
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        6⤵
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12600.exe
        6⤵
        
        PID:15392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20051.exe
        6⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-445.exe
        7⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41389.exe
        7⤵
        
        PID:14196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20445.exe
        7⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29847.exe
        7⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23117.exe
        6⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        6⤵
        
        PID:12284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10985.exe
        6⤵
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30283.exe
        6⤵
        
        PID:17936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        6⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        5⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        6⤵
        
        PID:13080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35873.exe
        6⤵
        
        PID:16316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46104.exe
        6⤵
        
        PID:18280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26645.exe
        6⤵
        
        PID:18080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24602.exe
        5⤵
        
        PID:9348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39445.exe
        5⤵
        
        PID:12900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49733.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:16484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16484 -s 464
        6⤵
        Program crash
        
        PID:18400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
      4⤵
      PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42998.exe
        5⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17768.exe
        5⤵
        
        PID:11008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54975.exe
        5⤵
        
        PID:1192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-325.exe
      4⤵
      PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3492.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
      4⤵
      PID:12408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13130.exe
      4⤵
      PID:14696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:8
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57819.exe
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
        6⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
        7⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7041.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
        7⤵
        
        PID:17156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
        7⤵
        
        PID:17784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        6⤵
        
        PID:9220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        6⤵
        
        PID:12668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61914.exe
        6⤵
        
        PID:15788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6163.exe
        6⤵
        
        PID:18296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
        5⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12978.exe
        6⤵
        
        PID:16076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28284.exe
        6⤵
        
        PID:18336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28022.exe
        5⤵
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38589.exe
        5⤵
        
        PID:14168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60782.exe
        5⤵
        
        PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30378.exe
        5⤵
        
        PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18685.exe
      4⤵
      PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44275.exe
        5⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        6⤵
        
        PID:15408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51686.exe
        6⤵
        
        PID:18028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
        6⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64446.exe
        5⤵
        
        PID:10280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
        5⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        5⤵
        
        PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22768.exe
      4⤵
      PID:7872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20045.exe
      4⤵
      PID:9676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38589.exe
      4⤵
      PID:13984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40937.exe
      4⤵
      PID:15980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20484.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
      4⤵
      PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24431.exe
        5⤵
        
        PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39749.exe
        5⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
        5⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
        5⤵
        
        PID:17040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
      4⤵
      PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2158.exe
        5⤵
        
        PID:14368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
        5⤵
        
        PID:17564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        5⤵
        
        PID:18240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4668.exe
      4⤵
      PID:10724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58162.exe
      4⤵
      PID:13524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4188.exe
      4⤵
      PID:17268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13085.exe
    3⤵
    PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34955.exe
      4⤵
      PID:6348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
      4⤵
      PID:9364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
      4⤵
      PID:12888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
      4⤵
      PID:14884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
    3⤵
    PID:6632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28532.exe
    3⤵
    PID:10000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22237.exe
    3⤵
    PID:13324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65514.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65514.exe
    3⤵
    PID:16320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
    3⤵
    PID:5968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21837.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21837.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35995.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44215.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26291.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46911.exe
        8⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        9⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42179.exe
        10⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        10⤵
        
        PID:16308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23413.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        9⤵
        
        PID:15908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        9⤵
        
        PID:17768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33537.exe
        8⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11566.exe
        9⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7041.exe
        9⤵
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
        9⤵
        
        PID:17036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
        9⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
        8⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26642.exe
        8⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33508.exe
        8⤵
        
        PID:16324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
        7⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
        8⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32209.exe
        8⤵
        
        PID:12612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
        8⤵
        
        PID:16424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16424 -s 472
        9⤵
        Program crash
        
        PID:17464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        7⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40841.exe
        7⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        7⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
        7⤵
        
        PID:17576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
        8⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
        9⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:13420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41929.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41949.exe
        8⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        8⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        8⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53190.exe
        7⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20620.exe
        7⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
        7⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34364.exe
        7⤵
        
        PID:17104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
        6⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60419.exe
        7⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
        8⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8629.exe
        8⤵
        
        PID:17128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30621.exe
        7⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29216.exe
        7⤵
        
        PID:14876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        7⤵
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        6⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8500.exe
        6⤵
        
        PID:10084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64710.exe
        6⤵
        
        PID:13400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22642.exe
        6⤵
        
        PID:16284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16284 -s 452
        7⤵
        Program crash
        
        PID:17840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64015.exe
        7⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6418.exe
        8⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        8⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        8⤵
        
        PID:16052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        8⤵
        
        PID:17596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13797.exe
        7⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41373.exe
        7⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54026.exe
        7⤵
        
        PID:15048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57769.exe
        7⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6156.exe
        7⤵
        
        PID:18196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15177.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
        7⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        7⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21300.exe
        7⤵
        
        PID:15432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        7⤵
        
        PID:18164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50645.exe
        7⤵
        
        PID:18288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31808.exe
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        6⤵
        
        PID:11740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25900.exe
        6⤵
        
        PID:14588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
        6⤵
        
        PID:17776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        6⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37073.exe
        5⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
        7⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        7⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        7⤵
        
        PID:15948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26241.exe
        6⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13324.exe
        6⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10061.exe
        6⤵
        
        PID:14348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
        6⤵
        
        PID:17572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
        6⤵
        
        PID:18316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10081.exe
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        6⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55739.exe
        7⤵
        
        PID:16296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
        6⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6552.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8012.exe
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14409.exe
        5⤵
        
        PID:11768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
        5⤵
        
        PID:14412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
        5⤵
        
        PID:17444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30981.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52775.exe
        6⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48447.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        8⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
        8⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44077.exe
        8⤵
        
        PID:15040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28526.exe
        8⤵
        
        PID:17596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        8⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
        7⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46381.exe
        7⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        7⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
        7⤵
        
        PID:17456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3501.exe
        6⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51535.exe
        7⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25053.exe
        7⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16832.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
        7⤵
        
        PID:18416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9612.exe
        7⤵
        
        PID:18180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61357.exe
        6⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65458.exe
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42045.exe
        6⤵
        
        PID:14760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57762.exe
        6⤵
        
        PID:17740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24357.exe
        5⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
        6⤵
        
        PID:8032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23554.exe
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
        6⤵
        
        PID:13316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44637.exe
        6⤵
        
        PID:16988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59997.exe
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        6⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3325.exe
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15488.exe
        6⤵
        
        PID:14688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31842.exe
        6⤵
        
        PID:3412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22682.exe
        5⤵
        
        PID:8696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27820.exe
        5⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
        5⤵
        
        PID:18244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23455.exe
        5⤵
        
        PID:17544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60617.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56475.exe
        5⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7990.exe
        6⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46595.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
        7⤵
        
        PID:13332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20828.exe
        7⤵
        
        PID:16264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52474.exe
        6⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
        6⤵
        
        PID:11592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        6⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
        6⤵
        
        PID:17884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
        6⤵
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18997.exe
        6⤵
        
        PID:12572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14828.exe
        6⤵
        
        PID:18384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        5⤵
        
        PID:6364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12600.exe
        5⤵
        
        PID:16360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17640.exe
        5⤵
        
        PID:17704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12437.exe
      4⤵
      PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
        5⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11566.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7041.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:14292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
        6⤵
        
        PID:17056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26870.exe
        5⤵
        
        PID:10820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53190.exe
        5⤵
        
        PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36968.exe
      4⤵
      PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
        5⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
        5⤵
        
        PID:14568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59034.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:17984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27797.exe
      4⤵
      PID:8720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
      4⤵
      PID:12380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe
      4⤵
      PID:14344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7840.exe
      4⤵
      PID:17432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15112.exe
      4⤵
      PID:16464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3249.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50411.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
        6⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7326.exe
        7⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        8⤵
        
        PID:13616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe
        8⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
        7⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        7⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        7⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56977.exe
        6⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
        6⤵
        
        PID:10380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
        6⤵
        
        PID:13636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        6⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35213.exe
        5⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
        6⤵
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43065.exe
        6⤵
        
        PID:9664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        6⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        6⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5472.exe
        5⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
        6⤵
        
        PID:14552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2173.exe
        5⤵
        
        PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34881.exe
        5⤵
        
        PID:14144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
        5⤵
        
        PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24135.exe
        5⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16751.exe
        6⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48634.exe
        6⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
        6⤵
        
        PID:14668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19397.exe
        6⤵
        
        PID:17328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
        5⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11160.exe
        5⤵
        
        PID:11724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22698.exe
        5⤵
        
        PID:15644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
        5⤵
        
        PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6101.exe
      4⤵
      PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29579.exe
        5⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        5⤵
        
        PID:15144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
        5⤵
        
        PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe
      4⤵
      PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
      4⤵
      PID:12076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53203.exe
      4⤵
      PID:16112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62760.exe
      4⤵
      PID:17948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62279.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49106.exe
        6⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24320.exe
        6⤵
        
        PID:10440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
        6⤵
        
        PID:14188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43109.exe
        6⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44446.exe
        5⤵
        
        PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19853.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:11120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38589.exe
        5⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        5⤵
        
        PID:2984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 448
        6⤵
        Program crash
        
        PID:17584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35213.exe
      4⤵
      PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15494.exe
        5⤵
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        5⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59334.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:14972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58565.exe
      4⤵
      PID:7532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38930.exe
      4⤵
      PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:14104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:15376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9770.exe
      4⤵
      PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
        5⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22156.exe
        5⤵
        
        PID:11172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47254.exe
        5⤵
        
        PID:14052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57473.exe
        5⤵
        
        PID:17296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29069.exe
      4⤵
      PID:7300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
      4⤵
      PID:10204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31966.exe
      4⤵
      PID:13696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
      4⤵
      PID:17332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57825.exe
    3⤵
    PID:6104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36107.exe
      4⤵
      PID:7448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19329.exe
      4⤵
      PID:10336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
      4⤵
      PID:13752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15200.exe
      4⤵
      PID:5080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
    3⤵
    PID:7744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2398.exe
    3⤵
    PID:10716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28496.exe
    3⤵
    PID:13500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
    3⤵
    PID:17368
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62523.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50411.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25827.exe
        7⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
        8⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3097.exe
        8⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16220.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:18076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        7⤵
        
        PID:12908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13481.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
        7⤵
        
        PID:18156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40553.exe
        6⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44357.exe
        6⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        6⤵
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29320.exe
        6⤵
        
        PID:16496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5681.exe
        6⤵
        
        PID:18256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35213.exe
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
        6⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
        6⤵
        
        PID:9760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        6⤵
        
        PID:12316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43222.exe
        6⤵
        
        PID:16452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
        5⤵
        
        PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59350.exe
        5⤵
        
        PID:10220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
        5⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
        5⤵
        
        PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1381.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2858.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
        6⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        6⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        6⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54153.exe
        6⤵
        
        PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27917.exe
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11566.exe
        6⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
        6⤵
        
        PID:14576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32034.exe
        6⤵
        
        PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        5⤵
        
        PID:10092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
        5⤵
        
        PID:13408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
        5⤵
        
        PID:3684
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 452
        6⤵
        Program crash
        
        PID:17636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36088.exe
        5⤵
        
        PID:17532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
      4⤵
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62583.exe
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
        6⤵
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7041.exe
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2520.exe
        6⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        5⤵
        
        PID:9388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        5⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57473.exe
        5⤵
        
        PID:632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64046.exe
      4⤵
      PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39053.exe
      4⤵
      PID:13228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
      4⤵
      PID:16464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58994.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53330.exe
      4⤵
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39703.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37747.exe
        6⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        6⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        6⤵
        
        PID:15124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        6⤵
        
        PID:17640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        6⤵
        
        PID:16400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47622.exe
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
        5⤵
        
        PID:12020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
        5⤵
        
        PID:14720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        5⤵
        
        PID:17524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
      4⤵
      PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16751.exe
        5⤵
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27829.exe
        5⤵
        
        PID:10712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15645.exe
        5⤵
        
        PID:15800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20136.exe
        5⤵
        
        PID:17552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21529.exe
      4⤵
      PID:8888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35988.exe
      4⤵
      PID:11580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
      4⤵
      PID:15452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
      4⤵
      PID:3624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6948.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
      4⤵
      PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
        5⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
        5⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        5⤵
        
        PID:3028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 436
        6⤵
        Program crash
        
        PID:17760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29348.exe
      4⤵
      PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16465.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:15836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
      4⤵
      PID:9900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23020.exe
      4⤵
      PID:13928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
      4⤵
      PID:1068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54814.exe
    3⤵
    PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
      4⤵
      PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
      4⤵
      PID:10648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16004.exe
      4⤵
      PID:14448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
      4⤵
      PID:18052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
    3⤵
    PID:7264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
    3⤵
    PID:7892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15854.exe
    3⤵
    PID:13912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
    3⤵
    PID:17132
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 17132 -s 464
      4⤵
      Program crash
      PID:18008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
    3⤵
    PID:18132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63306.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63306.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49046.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42435.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26491.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1130.exe
        6⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60191.exe
        7⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38753.exe
        7⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
        7⤵
        
        PID:17404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17404 -s 464
        8⤵
        Program crash
        
        PID:17776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        6⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        6⤵
        
        PID:12992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13481.exe
        6⤵
        
        PID:16352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
        5⤵
        
        PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        5⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39165.exe
        5⤵
        
        PID:14248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21825.exe
        5⤵
        
        PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
      4⤵
      PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64047.exe
        5⤵
        
        PID:14244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        5⤵
        
        PID:17548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8963.exe
        5⤵
        
        PID:18256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
      4⤵
      PID:9056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40841.exe
      4⤵
      PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
      4⤵
      PID:16160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
      4⤵
      PID:17960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40389.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54503.exe
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
        5⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58389.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:13208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        5⤵
        
        PID:16612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53190.exe
      4⤵
      PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
        5⤵
        
        PID:14436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28788.exe
      4⤵
      PID:9252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32158.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:13960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
      4⤵
      PID:17248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
      4⤵
      PID:18104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42178.exe
    3⤵
    PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
      4⤵
      PID:7196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
      4⤵
      PID:10164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
      4⤵
      PID:13448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51582.exe
      4⤵
      PID:16528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16076.exe
    3⤵
    PID:7648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2786.exe
      4⤵
      PID:13640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
      4⤵
      PID:17480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33957.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33957.exe
    3⤵
    PID:10468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37427.exe
    3⤵
    PID:14232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
    3⤵
    PID:16412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
    3⤵
    PID:1988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58195.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58195.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10450.exe
        5⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23575.exe
        6⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14617.exe
        6⤵
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
        6⤵
        
        PID:14652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
        6⤵
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
        5⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
        5⤵
        
        PID:12028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        5⤵
        
        PID:14712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41625.exe
        5⤵
        
        PID:17492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55165.exe
        5⤵
        
        PID:18180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18509.exe
        5⤵
        
        PID:15788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27533.exe
      4⤵
      PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
        5⤵
        
        PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
        5⤵
        
        PID:13340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
        5⤵
        
        PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6676.exe
      4⤵
      PID:9488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64062.exe
      4⤵
      PID:12956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12792.exe
      4⤵
      PID:1828
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 452
        5⤵
        Program crash
        
        PID:18260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34637.exe
    3⤵
    PID:6072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
      4⤵
      PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
      4⤵
      PID:10636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
      4⤵
      PID:14420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
      4⤵
      PID:17904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1388.exe
    3⤵
    PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28671.exe
      4⤵
      PID:10848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60518.exe
      4⤵
      PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22468.exe
      4⤵
      PID:2620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26486.exe
    3⤵
    PID:9156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
    3⤵
    PID:13840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17829.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17829.exe
    3⤵
    PID:17084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55691.exe
    3⤵
    PID:18408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45567.exe
    3⤵
    PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
      4⤵
      PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8857.exe
        5⤵
        
        PID:13428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
        5⤵
        
        PID:16512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40413.exe
      4⤵
      PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23988.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:11588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21265.exe
      4⤵
      PID:16344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8268.exe
      4⤵
      PID:5328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29784.exe
    3⤵
    PID:5152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
    3⤵
    PID:9724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2304.exe
    3⤵
    PID:13268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
    3⤵
    PID:16400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30151.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30151.exe
  2⤵
  PID:5568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
    3⤵
    PID:5156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26240.exe
    3⤵
    PID:11204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47254.exe
    3⤵
    PID:14028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57473.exe
    3⤵
    PID:16520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43124.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43124.exe
  2⤵
  PID:7392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
  2⤵
  PID:9568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13609.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13609.exe
  2⤵
  PID:13828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50030.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50030.exe
  2⤵
  PID:17164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 7252 -ip 7252
1⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6804 -ip 6804
1⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 16380 -ip 16380
1⤵
PID:17956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1828 -ip 1828
1⤵
PID:18000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 16316 -ip 16316
1⤵
PID:18132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 16496 -ip 16496
1⤵
PID:18220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 16424 -ip 16424
1⤵
PID:18348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 15316 -ip 15316
1⤵
PID:18392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 16068 -ip 16068
1⤵
PID:18416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 15368 -ip 15368
1⤵
PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 16284 -ip 16284
1⤵
PID:17520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3028 -ip 3028
1⤵
PID:17608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 17164 -ip 17164
1⤵
PID:17732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3856 -ip 3856
1⤵
PID:17804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 16464 -ip 16464
1⤵
PID:17876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 17040 -ip 17040
1⤵
PID:17972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 17116 -ip 17116
1⤵
PID:18072
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 18072 -s 308
  2⤵
  - Program crash
  PID:17472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 18072 -ip 18072
1⤵
PID:17768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 17332 -ip 17332
1⤵
PID:18228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 15376 -ip 15376
1⤵
PID:18220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 17084 -ip 17084
1⤵
PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 17368 -ip 17368
1⤵
PID:16488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 2984 -ip 2984
1⤵
PID:17904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 3860 -ip 3860
1⤵
PID:17728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 17276 -ip 17276
1⤵
PID:17568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 17268 -ip 17268
1⤵
PID:17752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 17324 -ip 17324
1⤵
PID:18012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 3572 -ip 3572
1⤵
PID:17692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 16988 -ip 16988
1⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 2148 -ip 2148
1⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 17056 -ip 17056
1⤵
PID:18224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 3576 -ip 3576
1⤵
PID:18032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 1592 -ip 1592
1⤵
PID:14884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 3016 -ip 3016
1⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 1028 -ip 1028
1⤵
PID:16488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1070.exe

Filesize
468KB

MD5
5a1386fe58fb73eccf1272a3a866df05

SHA1
f0a54053b25dbd751c37935786c22d46874381d9

SHA256
9b6eec44750ed312e4a9210d32071172396a9a23c69bf6424a19e23e6bb693a0

SHA512
ec9ebba3c58c628569445bd130448d4e2e5f57e51ce3d58aa4f37a8ce72b083057aac2563576d4cf59ceb18a81161b436eed1f8c9991dec877c80b82724c059a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe

Filesize
468KB

MD5
d40ae7d223d2deed4a177123d6f9f06d

SHA1
847463114381eeb557833d4abf356ba402a8909d

SHA256
991d2be8c38fddb97a993c635b37d39dd4d2996622356f6f78bdc69575f8ece5

SHA512
61fa252893380f3a7c9e4d600dcb5bf3032a711dd3bf0c85672c7c3bf31596c89e6f20b4133009a5fd08af1b013d580edb57c09743e77b8a978b6e15a64e28b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13898.exe

Filesize
468KB

MD5
ec247aa7d00a9bac9b9328a9ec88c29f

SHA1
546c6335c82f9d0f0f5f414d0d328115d7c9fdfc

SHA256
1be2b911ab38e685a0ab6f9981d3e7c3980d75b4de176a2c82a2560a114ac29f

SHA512
8c749988c41f8e2ab1e8b401cac7f8582dd3338faf203f26915e4c1cd4caa212394fff1929a5b115352479bcd2f017182fec285c063105249d8d5aaf57bf508c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe

Filesize
468KB

MD5
0f153e5fc892655ca5c2116214355904

SHA1
afae23fa842ff52c6dfe6268d0508b14114f8b0d

SHA256
3f2e2317844a39d1e8f414f3226a0b8942ce57938e8e3213936f79dc0db3d348

SHA512
1d22eb71795e9af605a334eecf4e58a8fa875dd744abfd5edfcf8e6ff948cb1e84e0cc976654ccbe5a10586296651a6e3d3f18f962e5db2f1dffb9db60ae3c2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21837.exe

Filesize
468KB

MD5
facd34fd7a1d6db890cd67e3761f2fa4

SHA1
d9a2f012f7bc74683398e956db24f9f37732b413

SHA256
cf64b807d7a1aabb47d29581bb3ce606cb775247160e484afe166892a5b4d744

SHA512
f56a11246f6d480b36ae1805bae949cafd0ae6ee5ede36637f38026dd122aae675eaa7576ad5760f7efec77b0673f7b54fc656379d47f6c25c166d40f7877aaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23575.exe

Filesize
468KB

MD5
304ac57791013440561fb092363444d9

SHA1
4c46d3e401f591292756bbf6691be669ced1fb24

SHA256
1201ff757212d8b82451f4b793d4b02c695d68304e8f5f1ce489efaf16eb85c8

SHA512
7d04739c5db0addac5a568421a70510af7effac27e2e8d43149ff16e44f28f12d46fdb507d741b681abae8154cdba5a6d11550e20bdc4d44b906346b9538f5b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe

Filesize
468KB

MD5
1efe254053d90d287e0a0dbd14b68bfb

SHA1
0601de4c985c27c21236c34840ae298cbd1d118b

SHA256
9dfd34da994629fee149c77362f07d0aa12cbd2ea7656cb19b008d5a3326f641

SHA512
2701c08938e2fec73c1291dda6abd40b28c5b5e95c389bc39be09d4285eb9fa0d68edee6d6be113463aa0f74b3bd8af2572aff129b6f4dbed0faa57fd062e346

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe

Filesize
468KB

MD5
e445e097ef1b8ee8a5e88fb8a2c98e30

SHA1
66657fb1a6337cb4724a0ecfdfc1cd046859315d

SHA256
9f5a167fc44d3211eed6089c5bda50464b054ce72b2ad8d4b7c2716e56c5f34d

SHA512
85b0b2cf114c7e46cc67bdac545724a1f05b34cc7b52fa47c0641cb12defd41eac61537582af4ffc7a2970f74241bd7b8bd8c5aba915fdac53913f4aedf20102

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30981.exe

Filesize
468KB

MD5
d9d0a078b04078203aa1e05b07a309c5

SHA1
79a3a2f4b72df528a93c7251ef140919c6e2be59

SHA256
2152dea15ff59e79cbc0b9dae10c7b8e31e06139de98c4313c49dfe3c803e566

SHA512
5b9c7e71dbf4e1bc331ef06ed341967a2e60193c4e69f8ecba26980a8ab67f65594fb06efb12544ad5e24354266ee9f90ae8a518a00ca0965d6a50219f53a789

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3249.exe

Filesize
468KB

MD5
00d8fbc1053191a1c304885099b51468

SHA1
791fdfe33cf6ebc1f3b879c0bd26d64d9e19477f

SHA256
3d851c09bd04d7bf0daced4bba0c510a11b005a01aaeef437473e8fa31025285

SHA512
5bb0179628f3293cdf278a7061cbd1c157bf8526ccd48f7e312f20b5e3a7107c5bb2fb8b9a5e904e10457a6c05b9d2d8adf0f96dc7106a2e3250178f06017621

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33535.exe

Filesize
468KB

MD5
4726f814ceabeb95e54dc4c95f4e41b8

SHA1
9f135fb7d76a331a03832b704937d0118665465d

SHA256
03f6b31759ed0266d1e782d9cfaaafdfce8babbbd6918f6c8e7a552761541c48

SHA512
2c2da9e857b1860b2eb0e9405d2e56499839091fae9472318d581aa3f1ad0b94f2d24545f4ee1506c581663f375ad14b6d5abf363adc6a4716c017721e48d8cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35995.exe

Filesize
468KB

MD5
5d65927804eb5db62e9b510899680f73

SHA1
f4366df7b6d227fcd0726327f96a1b71deed7d78

SHA256
d964cc8dd616c44074b4f605b3908771b093f38db0a6561a863b0f4d7e045e7c

SHA512
d757f45a4c0cc6265280a0aceb2c58e1294796cac816e609485612e2b71e13059868a3170b2bcf97d8610408364c5f066bd497a22dd61356b74cce1e081aa1e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe

Filesize
468KB

MD5
7c58d042afe3b1adebc3d9efefda4ebb

SHA1
d30c89593c9a2bdae557da0df50b6e825cde6a8e

SHA256
9f9a6b4111440cb82ce94a8fbd2d75aaa2ffef30887b014bafea15cb90cc546f

SHA512
76085c428524b537f3ab6e782ca8c290ffd38ac2b97579629804456aab6135968bfd90728b6a6029db2f768eec6bbab7d36009c49cd93760fd7c6987729bc0df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe

Filesize
468KB

MD5
b0e1a71ec470e19611bf5d4173c1720d

SHA1
84642ac58f7dde70344c7af20559ea3a917b014b

SHA256
f65191fdc69087a091706ffe0978ede24c408075c78055a1bf9bae1c5b18a563

SHA512
614d8d01e4ab61f6a55c8cee69635f75230f9bd127a9e2e219e268f070d4ea42b3601ea60654c2e331bd042c9005fd164e50c17e631e8d3d561fde08d3f51dc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe

Filesize
468KB

MD5
bf2cc8c18ec91d13cbbc40681a3f4b9c

SHA1
58c29851a38784c99c13045ff37da70233e4a589

SHA256
95f7ccfb9cf9fe7629dd7b5581b1cfc14db708378ec7f04d70f1ece1dd4f8908

SHA512
38e77b2b2d232aef1b31cda2f37ba3c0a89769055fc302fa45051ffe58e5b43722caa1de2b3f1537d30eb38ac6dbae4d6cb7a5bd9505d8aabf0cd8e9b8e49e37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe

Filesize
468KB

MD5
52ee375120fbeee2d5dd724e98cdc3f4

SHA1
b43896bd7f589bab1622f8077dfef05df959d12e

SHA256
f89e80f0e1112b1aff1554006dc6e9d578402dae12ea64fa246fe378d1267b1d

SHA512
c3fce08dab25c43ca92f83b4c23039a89ee933ebb6f817499b37e2587df5d420220300c14b1ca5c30871873492f7fc1de6ce8d011e3c2e69ffba5481ba1e6e85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe

Filesize
468KB

MD5
0168857cf813d9538781e99355f832ee

SHA1
46a53f7cc09a232dee07a417e8bd955060bc5337

SHA256
eeecd7ae565ac9ff4407499512c8e9b44709f80765a232557992994e35dee39c

SHA512
16fdfd644e069622907b74d381ecf7254ad647aece86c4c5f99a3ad8efc18fe88e5361f071092ab01bdd722fc528e4ffe8a550ff7e9ba96b12bbaabfaccb0443

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe

Filesize
468KB

MD5
4e42e06baba9b5e6bb43be4ef9da2800

SHA1
7920f9cd0a0deabfcbb4f3760ad63cc8ce3a8906

SHA256
cc43c27e9f453d17b384f67848f600ed17dd491d0eec7654d08ddde105bdecc2

SHA512
18cbc3d29efc5c465bddcc049f42c32f26fe0d4c93dd10c77b3518d0212e2f24db369bd7d69c5f285743c4677991a02da0486b91b41ef1cacb46fdb1804bbf68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44215.exe

Filesize
468KB

MD5
5dc53966206911cb7d28c675f0baece0

SHA1
d2da4ed0bd336c87bcdfdff961055536c14fbe94

SHA256
bd568958a501f6d23cd57ff946a75cdfdcf376dab2d2f515ece234f7c62630c5

SHA512
aa0469f6cd6b648d335501ad501fcbc6d8b2eb0afd45d9bec58be7d5a2e63f2d6f0db4eabfad416fd77e9b43234945fb3955b9f95bfd88a5a32ba26e574ff5e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe

Filesize
468KB

MD5
35f8de6c485c01c0710b8491fcdeaa6b

SHA1
d0f27e7fa909c0b5ad03f25f0e99e204cfc9b17e

SHA256
fec961a8aeb37dfd0617dc4a1700113ac9038f99eabfa969bcc123b39af95e26

SHA512
24f004aa6b4e3f06a38f0702244ab70bedba47cb36ad551b80580ef5697cb1448e1f6ab25c31181f9581b81192d4f791bf3a243ab70782a3dca3b5599f090d34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46742.exe

Filesize
468KB

MD5
44a50537144831b294aa57f34b4ffbca

SHA1
865daab3eb940f6c0998131b7d87362f3ea01727

SHA256
186a3fcf5b8d0ff222ba3957e4ac5283da3464a76157ec7a01f7591c8d34b31d

SHA512
559ecd7ba3064cfeee6190604bb79969a260aac00b7ea04d81c2e32af985f229aa759562bc2872daf34746194a4bc88268423a5c70734bcb3fed7a58901ed996

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe

Filesize
468KB

MD5
583245f7a5255015d9c93c836145d479

SHA1
f6bd418a7686a1a76f7a55760a59f66a24576944

SHA256
3809c9c3e1e325f2d35982d33e33d8f85872d9f7e74b705ed8df9b95bac49b7f

SHA512
f888c7eea47501ecf70c91d7d24472be13510368f151f6b6af3cb940450ef50257dc706da0ea3ca6b00a88b6c22875321ba34026fb1cce043d8c6c0c889ed160

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe

Filesize
468KB

MD5
ea15a13b90fff7cba15ee9ff59574b08

SHA1
7f5b8dcd5ecf294ed09163e3b2e50b3ba09ddcf3

SHA256
07d335869053b43d9c439447d43c9ee501c17930467cba1a2354f70534b4ff97

SHA512
3921784ef073d23deaf4ddcd912b49b7812205428517ed12527fba08cbf24271a5db70a79382c20b770f120a2c0a31be3877a4b0df40409865610b271a840dc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49046.exe

Filesize
468KB

MD5
81c26521f778da19ae22c3cc4b7ac676

SHA1
f1b097dc5f2e13642e15e129716d7f153ff89659

SHA256
b2f778f120e974c6f3bad7924e667b0dafe7092360ad654a608cce2042f0a3ef

SHA512
2bf41edd6d109ee3f47df1764593fc33fe5962a81ded80f377571ccfd4d698f240cce65bc010c809cfa71574f47240aeb26f4e06e7437d21f404caf1bd1e6917

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54355.exe

Filesize
468KB

MD5
179c4dcb59c3395f3e72c105a9d8667d

SHA1
12ff6a3e3fc176cc34cc680ca43a137ce9d54edb

SHA256
0ad2814b66d6fcf4cb6c3a6c498e39d1a93cf62c9ed0de01d9ded976ba45d685

SHA512
2d2f683f7f460799d6af925b19e2914c6b79386a5a57f4b060fd66d470410016c13ee4d28513866cb50dc82f62d435bfbec77f77618b49ec4d291131856685b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe

Filesize
468KB

MD5
c6aba041b8a150c2c16ec0fc8e8b03e4

SHA1
d43a24ad8cef7cfe6b79bdb77bc82ce1ca606cd6

SHA256
73b11aa52382b339c1dca0e39ffeda7a7a9e11580a684981bf97c26323557026

SHA512
abcf1c79d6b667c101882d562c9727f995ca67691e38692a4c12cc9e304893ad7d952c5f774e0c2658fee18971f18bb98e00bc8be01ceddee76e1e5c3f7842f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe

Filesize
468KB

MD5
2651c93d35e69d5706e6280db7e5651e

SHA1
5595b5be03b156fe2dec35b167482d126d039205

SHA256
071bed0fce6b137a6d7bcd18309a250f4457d1eeb5d558c9df5336c261b5c9f9

SHA512
fc8b9286aae2fb631c4819c6e615bbaccaa83363e6052ee6a9941925af145559118030e7f05e5c3d8e225f142b507ff43bc291e63c0d3e794d2c357dab7e9cb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57473.exe

Filesize
468KB

MD5
51d96873ec5eda7dd6d0e85a808abced

SHA1
3a307021b54013aee973f69039ed0792683b3eca

SHA256
1d61c450102abb0975c76c6fd5033836aaed25b0cf121032113356fca37897a8

SHA512
c9f29ca7b70fc48c2c09ae89413edaafda376ba9a37f13c1ed97ce2d6472aae10c70a46ddfc3697685526eeedfbdddfd00ab99662410757ede71093bfc93e759

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58994.exe

Filesize
468KB

MD5
ca568b52ff61861f4595be1e5f97f931

SHA1
4c3793dde91479ff10545ce8c11e01aeca071393

SHA256
39d823b9724bb915a3ef1890ee927631e1690fbdcce9d42464cb24498e356070

SHA512
672638c21a7eff7341adcecc4a50d101a29615c3a513bb15b69cfd02d28ba445a3e7c3fc8ebef6d2a7c8ad7faf15c8eb88b7e55b03b002ce36c4d3d2b645cd5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60395.exe

Filesize
468KB

MD5
0b3e571bfc255e43d12c995759c7c1eb

SHA1
8a76c65ba162a7e9ebd69fe4a1e10348182dd1fc

SHA256
b255d84dcccbd2cacb918cd867aa043976c89b77bd69205be7014f5a9723d192

SHA512
28e8b2bf54f605a2c84ecce57572575adbf344622c615c7bc200ed43c76a7a01d759ebc890b337b0a9f652058a67dbaeeec58a440ca49a7f20df23b3115ee163

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe

Filesize
468KB

MD5
6c4cfb5bc4d8130976495b3b20bda0c5

SHA1
2c10eeab4561ac6bacc4db151172e042e4769163

SHA256
94187cee64b94093fcede5532b1caf7d7128cd8941c262f1bf775e4e9b1e9f3f

SHA512
a4a4c1eecefc873436b1ff2f12d6e5944b62f836023da4467fcd652b9c9bcd1339db7f99cea72524805446f22d4417420954b9950c8d727034f4f328620f3aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62523.exe

Filesize
468KB

MD5
8889e63f6c5b68a5c2a805b557919224

SHA1
eb8532575cc861065f1113ba4965ecfa8a7dbee4

SHA256
95520760904dfcd8e9110ff01371ba5d53be2ea94b87f7f0639b06aa6e9a653a

SHA512
f0beb0a2c50b33ae03b1d83c70f51703cb161773abfcd941acb4f075c6a63e2cbad6352f097a5c4251e0eb251ed1b26cb8001c216b1f759496de1cebf7bda2d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63306.exe

Filesize
468KB

MD5
06f7d075b2f05aeb8f4eba9f9f876934

SHA1
7fd7bfca4fc643494acdf14d96f62a3564ca1b5f

SHA256
329027e5d4aca576bc45d3fdc1f7d663f25d995f6622842b2d62c68a7f0bdb6d

SHA512
b92476456dcc681df1e0612820d6a7d3a9fd8302986c6ff7156dba3318f01cbd0d56be49d91bdb10b444d74150ab3edd40b76c116c31766f8bc4c2f4407f2dd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe

Filesize
468KB

MD5
5ecf9ba02a0b2d38eda6d446dfc84f01

SHA1
a72e022d022ab9c3d52fda56e3b3d9cc8aca0cc5

SHA256
90c5a30d523475a4b47f25697484842c19913e0b538d6619ecde3185b5422694

SHA512
500369a140c7f9ad43b39f7a7406de266f9031671f2da7e554c4942e2d7c4d445f6611f34e6f9e49f8958127ee802b093c82af04a5f1a3370a2595d754dba202

Download Submit
memory/3940-2956-0x00007FFF96980000-0x00007FFF969D9000-memory.dmp

Filesize
356KB

Download
memory/17084-3344-0x00007FFF97C90000-0x00007FFF97E85000-memory.dmp

Filesize
2.0MB

Download